Digital Forensics Flashcards
(28 cards)
What is the Forensic Process by NIST?
Collection, Examination, Analysis, Reporting
What is Admissibility?
Relatability to disputed facts and violations
What is the Order of Volatility?
Securing more perishable evidence first
What is Random Access Memory (RAM)
Volatile memory used to run applications
What is the CPU Cache?
A fast block of volatile memory used by the CPU
What is used when RAM is exhausted?
Swap/Page File/ Virtual Memory
What does RAM stand for
Random Access Memory
What can command-line tools be used for?
Showing information about the computer and the established ports
What is the Chain of Custody?
Ensurance of evidence being collected with no breaks in the chain
Crucial Aspect
What is it known as when Chain of Custody has been carried out properly?
Data Provenance
What is it known as to protect documents that are evidence?
Legal or Litigation hold
What are Artifacts
Log files
Registry hives
DNA
Why do we have top take Forensic Copies?
For analyzing; we must keep the original data intact and unaltered
Why do we take System Images
To capture a PC and search for criminal activity
What can be reverse engineered, and is susceptible to rootkit and backdoor attacks?
Firmware or Embedded Systems
Why do we take hashes?
To analyze data
When doing an investigation, where are the places we can look?
Network Traffic
Firewall
NIPS
NIDS
What do we need to do to in order to use data as evidence in court?
Ensure that it is in its original state
What is the process known as recovery?
Dealing with an incident, and possibly restoring from a backup
What Stage is verifying the purpose of cloud forensics?
Stage A
What Stage is verifying the type of cloud service?
Stage B
What Stage is verifying the type of technology behind the cloud?
Stage C
What is Stage D of Cloud Forensic 26?
Verifying the role of the user and negotiate with the Cloud Service Provider to collect evidence required
Why was Cloud Forensic 26 created?
To focus on the competence and admissibility of evidence
