Windows forensic part 3 Flashcards

1
Q

What is spoliation?

A

Intentional acts of destruction, alteration or any other action with the purpose of preventing the retrieval of artifacts of evidential value.

2
Q

How do you know if any spoliation has taken place?

A

Compare the deleted files' SIA ($STANDARD_INFORMATION attribute) timestamps, permissions, link files and the $LogFile.
If files have been deleted, check the corresponding entries in $Bitmap to see whether they have been modified so that the clusters used by the MFT record and by the file data itself are marked as unallocated.

3
Q

How can you see if there has been any data destruction?

A

Some files and folders that have been wiped may have had their names changed to something meaningless, such as aaaaa.aa or DELETED_DELETED_DELETED.
Sometimes the fact that a wiping tool was used is itself evidence.

4
Q

What does Fragmentation mean?

A

Related data are "scattered" across the disk rather than stored sequentially.

5
Q

What does Defragmentation mean?

A

The process of gathering data structures that are spread across the disk and placing them into contiguous clusters (to improve system performance).

6
Q

How can you tell if the system has recently been defragmented?

A
  • Are there artefacts related to program installation?
  • Are any third-party defragmentation tools present?
  • Are the files sorted by number of file fragments in forensic tools?
7
Q

Is the file data lost when the Recycle Bin is emptied?

A

No, its timestamps can still reveal useful data about when it was emptied.

8
Q

Which three categories of general Internet Explorer artifacts are there?

A
  • Cookies
  • Internet History
  • Web Cache
9
Q

What information may you find from Internet Explorer Cookies?

A

URLs, domain names, user names, dates/times, etc.

10
Q

What kind of internet history can you find?

A
  • Cumulative history (last URL visit timestamp)
  • Daily history
  • Weekly history
11
Q

What is saved in the web cache?

A

The actual files downloaded as part of web browsing. For each file you can find the URL from which it was downloaded and the number of times that URL was visited.

12
Q

What can you find out from an email client?

A

Information related to emails, contacts and calendars.
