IS4670 CHAPTER 5 TERMS & DEFINITIONS Flashcards
1
Q
- Data stored in the Windows swap file, unallocated space, and file slack. It includes e-mail fragments, word processing fragments, directory tree snapshots, and potentially almost anything that has occurred on the subject computer.
A
Ambient computer data
2
Q
- Tools that are used to check that the output of a program is as expected, given certain inputs. These tools do not actually examine the program being executed.
A
Black-box system forensics software tools
3
Q
- The process of encoding information with fewer bits than the un-encoded information would use.
A
Compression
4
Q
- Two Internet Protocol (IP) addresses that are communicating with each other, as well as two port numbers that identify the protocol or service.
A
Connection
5
Q
- The department of the U.S. federal government that coordinates and supervises agencies and functions of the government related to national security and the U.S. armed forces.
A
Department of Defense (DoD)
6
Q
- A U.S. federal government agency that sets standards for digital evidence processing, analysis, and diagnostics. It is involved with DoD investigations that require computer forensic support to detect, enhance, or recover digital media.
A
DoD Cyber Crime Center (DC3)
7
Q
- A form of fragmentation that pertains to any space left over between the last byte of the file and the first byte of the next cluster. This is a source of potential security leaks involving passwords, network logons, e-mail, database entries, and word processing documents.
A
File slack
8
Q
- A set of hardware and software components that protect system resources from attack by intercepting and checking network traffic.
A
Firewall
9
Q
- A computer memory chip or card that retains its data without being connected to a power source.
A
Flash memory media
10
Q
- A tool used to identify unknown strings of text by searching for values between “completely true” and “completely false.”
A
Fuzzy logic tool
11
Q
- An interface for issuing commands to a computer using a pointing device (mouse) that manipulates and activates graphical images on a monitor.
A
Graphical user interface (GUI)
12
Q
- A data collection process that involves creating a replica system and luring the attacker into it for further monitoring.
A
Honeypot
13
Q
- An area on a hard drive where data can be hidden. The HPA was designed as an area where computer vendors could store data that is protected from user activities and operating system utilities, such as delete and format.
A
Host protected area (HPA)
14
Q
- A hacking process by which iPhone firmware is overwritten to install third-party applications or unlock the device. This process makes modifications to the user data partition and is therefore forensically unsound.
A
Jailbreaking
15
Q
- On a drive that uses a DOS partition, a reserved space at the beginning of the drive. It often contains the boot code needed to start loading the operating system, and it contains 62 sectors of empty space where data can be hidden.
A
Master boot record (MBR)