Chapter 6: Current Digital Forensics Tools Flashcards
Encryption
The process of converting information or data into a code, especially to prevent unauthorized access.
reconstruction
Re-create a suspect drive to show what happened during a crime or an incident.
acquisition
Making a copy of the original drive.
brute-force attack
A trial-and-error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys.
Computer Forensics Tool Testing (CFTT)
Manages research on computer forensic tools.
extraction keyword search
Text analysis technique that automatically extracts the most important words and expressions in a text, which speeds things up for investigators.
National Software Reference Library (NSRL) password dictionary attack
Brute-force hacking method used to break into a password-protected computer or server by systematically entering every word in a dictionary as a password.
Reconstruction
Recreate a suspect drive to show what happened during a crime or incident.
validation
An automatic computer check to ensure that the data entered is sensible and reasonable. It does not check the accuracy of data.
write-blocker
Prevents data writes to a hard disk.
carving
The identification and extraction of file types from unallocated clusters using file signatures.
purpose of the reconstruction function in a forensics investigation
To recreate an image of a suspect drive.
BitLocker
Full volume encryption feature included with Microsoft Windows (Pro and Enterprise only) versions starting with Windows Vista.
the standard indicator for JPEG graphics files
FFD8
Data copy sub-functions
Physical data copy, logical data copy, data acquisition format, command-line acquisition, GUI acquisition, remote, live, and memory acquisitions.