forensics Flashcards
(20 cards)
What is the main goal of computer forensics?
To examine digital media in a forensically sound manner for identifying, preserving, recovering, analyzing, and presenting digital evidence.
What is digital forensics?
Essentially the same as computer forensics, but accounting for modern devices like mobile phones and IoT systems.
What is the first principle of digital evidence handling?
Do not change any data that might later be used in court.
What should a person do if they must access original data?
They must be competent and able to explain and justify their actions in court.
Why is an audit trail important in digital forensics?
It allows a third party to reproduce and verify the forensic process.
What is the role of the investigation lead in forensics?
To ensure that legal and forensic principles are followed throughout the process.
Where can digital evidence be located?
Locally (PCs, USBs), remotely (webmail, cloud), or in transit (texts, calls, emails).
What is a key risk when seizing evidence?
First responders might unknowingly destroy the forensic trail, making evidence inadmissible.
What is cyber attribution?
The process of identifying the source of a cyberattack, which is often difficult and imprecise.
What makes attribution to a real-world actor hard?
Attackers can easily mask their identity; attribution to a nation or individual is rarely definitive.
What does ISO 27000 provide?
A set of standards for managing information security within organizations.
What is ISO 27035 focused on?
Incident management within the broader ISO 27000 family of standards.
What is a lesson from the ISO framework about planning?
Failure to plan for incidents is equivalent to planning to fail.
What does ISO 27001 say about RDP credentials?
Revoked passwords may still allow login via locally cached credentials in Microsoft RDP, making revocation unreliable.
What is the issue with asset ownership in ISO 27001?
Assets must have an owner, but the responsibility for patching them is often unclear.
What is the relevance of cryptography in ISO standards?
It emphasizes understanding the legal requirements of different countries, especially under GDPR and PCI-DSS.
What do physical and environmental controls include?
Securing physical access to systems and ensuring environmental resilience like fire or flood protection.
What is CIS in cybersecurity frameworks?
Controls developed by the Center for Internet Security, widely adopted alongside PCI DSS and ISO.
What is SOC2?
A framework developed by the AICPA to ensure trust between service providers and customers, focusing on cybersecurity compliance.
What is NIST CSF 2.0?
An updated version of the U.S. NIST Cybersecurity Framework, aimed at critical infrastructure and adopted widely in 2024.
