4.8 Flashcards
Threat Hunting
Proactive cybersecurity approach for continuous threat identification
Identify hidden or emerging threats
Data collection procedures
Established methods for gathering relevant information during incident response
Disk Imaging and Analysis
Creating a bit-by-bit copy (image) of a storage device, examining content
● Purpose
○ Recover data
○ Investigate incidents
○ Identify security issues
7 phases of incident response
preparation
detection
analysis
containment
eradication
recovery
post-incident activity
RCA
Root Cause Analysis (RCA)
Systematic process to identify the initial source of an incident and prevent it from recurring
TTX
A theoretical exercise that presents an incident response scenario
Simulation
Goes beyond tabletop discussions, involving realistic, hands-on scenarios
4 phases of digital forensic procedures
identification
collection
analysis
reporting
Order of volatility
5 Steps of Order of Volatility
■ Collect data from the system’s memory
■ Capture data from the system state
■ Collect data from storage devices
■ Capture network traffic and logs
■ Collect remotely stored or archived data
Disk Imaging
Involves creating a bit-by-bit or logical copy of a storage device, preserving its entire content, including deleted files and unallocated space
File Carving
Focuses on extracting files and data fragments from storage media without relying on the file system
Legal Hold
Issued when litigation is expected and preserves potentially relevant electronic data
● Ensures evidence is not tampered with, deleted, or lost
● Requires the implementation of preservation practices to protect systems and evidence
eDiscovery
Electronic discovery
Process of identifying, collecting, and presenting electronically stored information for potential legal proceedings
● Involves searching, analyzing, and formatting electronic data for litigation
Order of volatility
Guides the sequence of collecting data, from most volatile (CPU registers and cache) to least volatile (archival media)