Chapter 15-17 Forensics, Policies/Standards/Compliance, Risk Management Flashcards
Order of Volatility
- CPU cache and registers
- Routing table, ARP cache, process table, kernel stats
- System memory (RAM)
- Temporary files and swap space
- Data on the hard disk / remote logs
- Backups
Order of Volatility (alternate list)
- Cache file
- RAM
- Page file
- Hard drive
- Network drive
- Remote storage/backups
What is dd?
dd is a Linux command line tool that allows you to create disk images for forensic purposes.
What is FTK Imager?
FTK Imager is a free tool for creating forensic images.
What is memdump?
Memdump is a Linux command line tool used for capturing memory.
What is WinHex?
WinHex is a disk editing tool that can acquire disks in a raw format.
What is Autopsy?
Autopsy is the only "forensic suite" on the exam; it is open source and has broad capabilities.
How can you validate a forensic copy?
Create hashes of both the original and the copy, then compare the hashes; they must match.
Policies
Standards
Procedures
Guidelines
Policies are high-level statements of management intent, usually BROAD statements.
Standards provide mandatory requirements describing how an organization will carry out policies.
Procedures are detailed step-by-step processes that individuals and organizations must follow.
Guidelines provide best practices and recommendations related to a concept, technology, or task.
Guidelines are the only one of the four that is not mandatory.
What are the PCI DSS compensating control criteria?
- intent and rigor
- similar level of defense
- above and beyond the original control
What are least privilege and privilege creep?
The concept of least privilege is that no employee should have more privileges than absolutely necessary to do their job.
Privilege creep occurs when an employee changes positions in the company and accumulates privileges because those from the previous position are not revoked.
What is separation of duties?
For extremely sensitive job functions, where two different tasks combined have significant sensitivity (such as accounting), two-person control should be used so that no single person can perform both.
What is job rotation?
Job rotation takes employees with sensitive roles and moves them periodically to other positions within the company, making fraud difficult to sustain and conceal. Mandatory vacations serve the same purpose.
Clean desk policies are designed to protect confidentiality.
What is an MSA?
A master service agreement provides an umbrella contract for work that the vendor does with an organization over an extended period of time, often with detailed security and privacy requirements.
What is an SLA?
A service level agreement specifies the conditions of service that will be provided.
What is an MOU?
A memorandum of understanding documents aspects of the relationship between the parties.
What is a BPA?
A business partnership agreement exists when two organizations do business together in a partnership.
What is EOL/EOSL?
End of life / end of service life.
What are HIPAA and PCI DSS?
Industry data protection standards for healthcare (HIPAA) and payment cards (PCI DSS).