4.5 Flashcards
What is Digital Forensics
- Collect and protect information relating to an intrusion.
- Need to be detail oriented
What are the guidelines for Digital Forensics
RFC 3227
What is a legal hold
- a legal technique to preserve relevant information
- Hold notification
- Separate repository for electronically stored information (ESI)
- Ongoing preservation
What is a capture video
- A moving record of the event
- Captures the status of the screen and the other volatile information
- Don’t forget security cameras and your phone
- The video content must be archived
Name five points of admissibility
- Not all data can be used in a court of law
- Legal authorization
- Procedures and tools
- Laboratories
- Technical and academic qualifications
Controlling evidence, recording everyone who contacts the evidence, and labeling and cataloging everything are part of what system
Chain of custody
Recording time offsets
- The time zone determines how the time is displayed
- Different file systems store timestamps differently
- Record the time offset from the operating system
Name an event log, what it does, and where it is stored
- A system log
- Exports and stores events for future reference
- Log store:
  - Linux: /var/log
  - Windows: Event Viewer
What is the Order of Volatility
How long data sticks around
Name the Order of volatility from most to least volatile
- CPU registers, CPU cache
- Router table, ARP cache, process table, kernel statistics, memory
- Temporary file systems
- Disk
- Remote logging and monitoring data
- Physical configuration, network topology
- Archival media
Right to audit clauses
A legal agreement that allows the following:
- To perform a security audit at any time
- Allows the ability to verify security before a breach occurs
Data breach notification laws
If consumer data is breached, the consumer must be informed
How does Hashing help to preserve integrity
Hashing leaves a digital fingerprint
How do Checksums help to preserve integrity
Protects against accidental changes during transmission. It is not designed to replace a hash
How does a Provenance help to preserve integrity
Documentation of authenticity
A chain of custody for data handling
What are 3 skills one should have when preserving evidence and name an example for each
- Handling evidence - Isolate and protect the data
- Managing the collection process - Work from copies
- Live collection - Data may be encrypted or difficult to collect after powering down
What is E-discovery
- Collect, prepare, review, interpret, and produce electronic documents
Data recovery
Extract missing data without affecting the integrity of the data
Non-repudiation
Proof of data integrity and the origin of the data.
True or False: a Message Authentication Code (MAC) can be used to verify non-repudiation
The two parties can verify non-repudiation
Difference between Strategic intelligence and Strategic counterintelligence
Strategic intelligence is a focus on key threat activity for a domain, for example a business sector
Strategic counterintelligence is a focus on preventing hostile intelligence operations