4.5

Question 1

What is Digital Forensics

Answer 1

• Collect and protect information relating to an intrusion.

- Need to be detail oriented

Question 2

What are the guidelines for Digital Forensics

Answer 2

RFC 3227

Question 3

What is a legal hold

Answer 3

• a legal technique to preserve relevant information
• Hold notification
• Separate repository for electronically stored information (ESI)
• Ongoing preservation

Question 4

What is a capture video

Answer 4

• A moving record of the event
• Captures the status of the screen and the other volatile information
• Don’t forget security cameras and your phone
• The video content must be archived

Question 5

Name five points of admissibility

Answer 5

• Not all data can be sued in a court of law
• Legal authorization
• Procedures and tools
• Laboratories
• Technical and academic qualifications

Question 6

Control evidence, everyone who contacts the evidence, and label and cataloging everything is part of what system

Answer 6

Chain of custody

Question 7

Recording time offsets

Answer 7

• The time zone determines how the time is displayed
• Different file systems store timestamps differently
• Record the time offset from the operating system

Question 8

Name an event log and what does it do. Where would it be stored

Answer 8

• A system log
• Exports and stores for future reference
• Log store:
  Linux: /var/log
  Windows: Event Viewer

Question 9

What is the Order of Volatility

Answer 9

How long does data stick around.

Question 10

Name the Order of volatility from most to least volatile

Answer 10

• CPU registers, CPU cache
• Router table, ARP cache, process table, kernel statistics, memory
• Temporary file systems
• Disk
• Remote logging and monitoring data
• Physical configuration, network topology
• Archival media

Question 11

Right to audit clauses

Answer 11

a legal agreement that allows the following option(s):

• To perform a security audit at any time
• Allows the ability to verify security before a breach occurs

Question 12

Data breach notification laws

Answer 12

If consumer data is breached, the consumer must be informed

Question 13

How does Hashing help to preserve integrity

Answer 13

Hashing leaves a digital fingerprint

Question 14

How do Checksums help to preserve integrity

Answer 14

Protects against accidental changes during transmission. It is not designed to replace a hash

Question 15

How does a Provenance help to preserve integrity

Answer 15

Documentation of authenticity

a chain of custody for data handling

Question 16

What are 3 skills one should have when preserving evidence and name an example for each

Answer 16

Handling evidence
- Isolate and protect the data
Managing the collection process
- Work from copies
Live collection 
- Data may be encrypted or difficult to collect after powering down

Question 17

What is E-discovery

Answer 17

• Collect prepare, review, interpret, and produce electronic documents

Question 18

Data recovery

Answer 18

Extract missing data without affecting the integrity of the data

Question 19

Non-repudiation

Answer 19

Proof of data integrity and the origin of the data.

Question 20

True or False Message Authentication Code (MAC) can be used to verify non-repudiation

Answer 20

The two parties can verify non-repudiation

Question 21

Difference between Strategic intelligence and Strategic counterintelligence

Answer 21

Strategic intelligence is a focus on key threat activity for a domain for a example a business sector

Strategic counterintelligence is a focus to prevent hostile intelligence operations