Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CYBR perimeter defense > 16-1 > Flashcards

16-1 Flashcards

1
Q

the electronic evidence as evidence that can be collected the electronic form of a criminal defense was determined by what council/convention

A

The council of Europe convention on cybercrime also called the Budapest convention on cybercrime or simple the Budapest convention

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

The EU has 5 principles that establish a basis fo all dealings with electronic evidence

A 
data integrity
audit trail
specialist support
appropriate training
legality
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Written by Scientific Working Group on Digital Evidence (SWEDGE) the Model Standard Operation Procedures for Computer Forensics state there are 4 steps of examination

A

Visual inspection
forensics duplication
media examination
evidence return

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

The purpose of the __________ is just to verify the type of evidence, its condition, and relevant info to conduct the ecamination.

A

visual inspection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

the process of duplicating the media before examination

A

forensics duplication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

the actual forensics testing of the application

A

media examination

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

exhibits are returned to the appropriate location

A

evidence returemn

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

US Secret Service Forensics Guidelines

A

Secure scene
preserve evidence
determine if you can seize equipment
avoid accessing files. If off Leave off
if on, do not search computer
if the PC is destroying evidence, then turn off
determine if special legal considerations apply

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

one of the most important guidelines is to ___________ the computer as little as possible

A

touch

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

you can make a forensic copy such as

A

access datas forensics toolkit
guidance software encase, PassMark software forensics
or with free tools on linux

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

with the FBI the first repsonder preserves the state of the the computer at the time if the incident by making a backup copy of any

A

logs
damaged / altered files
files left by the intruder

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

make sure to document specific losses suffered due to the attack to include

A

labor cost spent in response
cost of lost equipment
value of data stolen
lost revenue

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

computer evidence can include

A 
logs
portable storage devices
emails
storage capable devices
cell phones
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

tools used to retrieve and review the index.dat file

A

index. dat file
index. dat viewer
index. dat analyzer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

you have to turn logging on or other will be nothing in the following logs

A 
security
application
system
forward events
application and services
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Probably the most important log from a forensics point of view. it has both successful and unsuccessful log events

A

security log

CYBR perimeter defense (83 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions