IS4670 CHAPTER 7 TERMS & DEFINITIONS Flashcards
1
Q
- Data that an attacker leaves behind when compromising a system—such as code fragments, trojaned programs, running processes, or sniffer log files.
A
Artifacts
2
Q
- A switch an attacker plants that destroys any evidence when the system detects that it’s offline.
A
Dead man’s switch
3
Q
- Evidence that clears or tends to clear someone of guilt.
A
Exculpatory evidence
4
Q
- A data collection method that involves taking a snapshot of a system in its compromised state and notifying the necessary authorities.
A
Freezing the scene
5
Q
- Evidence presented by a person who was not a direct witness. Hearsay is generally inadmissible in court and should be avoided.
A
Hearsay
6
Q
- A data collection process that involves creating a replica system and luring the attacker into it for further monitoring.
A
Honeypotting
7
Q
- A list of evidence sources ranked from most volatile (CPU registers, memory, running processes, network state) to least volatile (disk, removable media, backups), used so that the evidence most likely to change or disappear is collected first.
A
Order of volatility
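The following is an added illustration of the term, not part of the original flashcards: a small collector that walks the sources most-volatile-first, writes each capture to disk, and records a SHA-256 of every file in a manifest so later tampering can be detected. The command list is an assumption about a typical Linux host (missing tools are recorded as unavailable rather than aborting, so the collection order is preserved); the labels and file names are hypothetical.

```python
"""Added example: volatile-first evidence collection with a hashed manifest.

Assumptions: a Unix-like host with ps/ss/who/mount/df on PATH.  Any tool that
is missing is recorded as 'unavailable' so the collection order still holds.
"""
import hashlib
import json
import subprocess
import time
from pathlib import Path

# Sources listed most volatile first.  Commands are assumptions about a typical
# Linux host and are illustrative, not a complete acquisition kit.
COLLECTION_PLAN = [
    ("memory_processes", ["ps", "-eo", "pid,ppid,user,etime,args"]),
    ("network_connections", ["ss", "-tunap"]),
    ("logged_in_users", ["who"]),
    ("mounted_filesystems", ["mount"]),
    ("disk_usage", ["df", "-k"]),
]


def volatility_rank(label):
    """Position in the plan; lower rank = more volatile = collect sooner."""
    for rank, (name, _cmd) in enumerate(COLLECTION_PLAN):
        if name == label:
            return rank
    raise KeyError(label)


def capture(cmd, timeout=10):
    """Run one collection command; return (status, captured bytes)."""
    try:
        out = subprocess.run(cmd, capture_output=True, timeout=timeout)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return "unavailable", b""
    return ("ok" if out.returncode == 0 else "error"), out.stdout + out.stderr


def collect(dest, plan=COLLECTION_PLAN):
    """Walk the plan in order, writing each capture and a hashed manifest."""
    dest = Path(dest)
    dest.mkdir(parents=True, exist_ok=True)
    manifest = []
    for label, cmd in plan:
        status, data = capture(cmd)
        (dest / f"{label}.txt").write_bytes(data)
        manifest.append({
            "label": label,
            "command": " ".join(cmd),
            "status": status,
            "collected_at": time.time(),
            "sha256": hashlib.sha256(data).hexdigest(),
        })
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def verify(dest):
    """Re-hash each capture against the manifest; return labels that no longer match."""
    dest = Path(dest)
    manifest = json.loads((dest / "manifest.json").read_text())
    bad = []
    for entry in manifest:
        data = (dest / f"{entry['label']}.txt").read_bytes()
        if hashlib.sha256(data).hexdigest() != entry["sha256"]:
            bad.append(entry["label"])
    return bad


def in_volatility_order(manifest):
    """True if entries were collected most-volatile-first with non-decreasing timestamps."""
    ranks = [volatility_rank(e["label"]) for e in manifest]
    times = [e["collected_at"] for e in manifest]
    return ranks == sorted(ranks) and times == sorted(times)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "evidence"
    for e in collect(target):
        print(f"{e['label']:22} {e['status']:12} {e['sha256'][:16]}")
```

In practice the first step would be a memory image taken with a dedicated acquisition tool before any process listing, and the collector itself should run from trusted, statically linked binaries on read-only media so that a trojaned `ps` or `ss` on the compromised host cannot hide the attacker's artifacts.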
8
Q
- A data collection method that involves limiting what an attacker can do while still on the compromised system, so the attacker can be monitored without much further damage.
A
Sandboxing