Live and RAM Forensics Flashcards

1
Q

What does the RAM contain that might be of interest to a forensic examiner?

A
  • Encryption keys
  • Passwords
  • Email addresses and other recently typed information
  • Loaded program code
  • Open network connections
  • Running processes
2
Q

Name two RAM architectures

A
  • Stack: fast, holds temporary (local) variables, deallocated after function execution
  • Heap: slower than the stack, programmable, holds global variables, deallocated at quit or by code
3
Q

What problems might occur in terms of anti-forensics?

A
  • Full disk encryption
  • FDE + non-root system
  • Steganography
  • Data wiping
  • Data hiding
4
Q

What is the Order of Volatility?

A

While working with live forensics, you need to "work your way from the volatile to the less volatile," for example:

- Registers, cache
- Routing table, process table, memory
- Disk
- Remote logging and monitoring data
- Physical configuration, network topology
- Archival data
