Cengage Chapter 6 - Current Digital Forensics Tools Flashcards
The process of creating a duplicate image of data; one of the required functions of digital forensics tools.
acquisition
The process of trying every combination of characters—letters, numbers, and special characters typically found on a keyboard—to find a matching password or passphrase value for an encrypted file.
brute-force attack
A project sponsored by the National Institute of Standards and Technology to manage research on digital forensics tools.
Computer Forensics Tool Testing (CFTT)
The process of pulling relevant data from an image and recovering or reconstructing data fragments; one of the required functions of digital forensics tools.
extraction
A method of finding files or other information by entering relevant characters, words, or phrases in a search tool.
keyword search
A NIST project with the goal of collecting all known hash values for commercial software and OS files.
National Software Reference Library (NSRL)
An attack that uses a collection of words or phrases that might be passwords for an encrypted file. Password recovery programs can use a ________________ to compare potential passwords to an encrypted file’s password or passphrase hash values.
password dictionary attack
The process of rebuilding data files; one of the required functions of digital forensics tools.
reconstruction
A way to confirm that a tool is functioning as intended; one of the functions of digital forensics tools.
validation
The process of proving that two sets of data are identical by calculating hash values or using another similar method.
verification
A hardware device or software program that prevents a computer from writing data to an evidence drive. Software write-blockers typically alter interrupt-13 write functions to a drive in a PC’s BIOS. Hardware write-blockers are usually bridging devices between a drive and the forensic workstation.
write-blocker
