IS4670 CHAPTER 7 TERMS & DEFINITIONS Flashcards

1
Q
  • Data that an attacker leaves behind when compromising a system—such as code fragments, trojaned programs, running processes, or sniffer log files.
A

Artifacts

2
Q
  • A switch an attacker plants that destroys any evidence when the system detects that it’s offline.
A

Dead man’s switch

3
Q
  • Evidence that clears or tends to clear someone of guilt.
A

Exculpatory evidence

4
Q
  • A data collection method that involves taking a snapshot of a system in its compromised state and notifying the necessary authorities.
A

Freezing the scene

5
Q
  • Evidence presented by a person who was not a direct witness. Hearsay is generally inadmissible in court and should be avoided.
A

Hearsay

6
Q
  • A data collection process that involves creating a replica system and luring the attacker into it for further monitoring.
A

Honeypotting

7
Q
  • A list of evidence sources, ordered by relative volatility.
A

Order of volatility

8
Q
  • A data collection method that involves limiting what an attacker can do while still on the compromised system, so the attacker can be monitored without much further damage.
A

Sandboxing
