4.8 Flashcards

1
Q

Threat Hunting

A

Proactive cybersecurity approach for continuous threat identification
Identify hidden or emerging threats

2
Q

data collection procedures

A

Established methods for gathering relevant information during incident response

3
Q

Disk Imaging and Analysis

A

Creating a bit-by-bit copy (image) of a storage device, examining content
● Purpose
○ Recover data
○ Investigate incidents
○ Identify security issues

4
Q

7 phases of incident response

A

preparation
detection
analysis
containment
eradication
recovery
post-incident activity

5
Q

RCA

A

Root Cause Analysis (RCA)
Systematic process to identify the initial source of an incident and prevent it from recurring

6
Q

TTX

A

A theoretical exercise that presents an incident response scenario

7
Q

Simulation

A

Goes beyond tabletop discussions, involving realistic, hands-on scenarios

9
Q

4 phases of digital forensic procedures

A

identification
collection
analysis
reporting

10
Q

Order of volatility

A

5 Steps of Order of Volatility
■ Collect data from the system’s memory
■ Capture data from the system state
■ Collect data from storage devices
■ Capture network traffic and logs
■ Collect remotely stored or archived data

11
Q

Disk Imaging

A

Involves creating a bit-by-bit or logical copy of a storage device, preserving its entire content, including deleted files and unallocated space

12
Q

File Carving

A

Focuses on extracting files and data fragments from storage media without relying on the file system

13
Q

Legal Hold

A

Issued when litigation is expected and preserves potentially relevant electronic data
● Ensures evidence is not tampered with, deleted, or lost
● Requires the implementation of preservation practices to protect systems and evidence

14
Q

e-discovery

A

Electronic discovery
Process of identifying, collecting, and presenting electronically stored information for potential legal proceedings
● Involves searching, analyzing, and formatting electronic data for litigation

15
Q

Order of volatility

A

Guides the sequence of collecting data, from most volatile (CPU registers and cache) to least volatile (archival media)

16
Q

Data acquisition

A

The method and tools used to create a forensically sound copy of data from a source device, such as system memory or a hard disk
■ Bring-your-own-device (BYOD) policies complicate data acquisition because it may not be legally possible to search or seize the devices
■ Some data can only be collected once the system is shut down or the power is disconnected