Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

COMP41950 Adv Forensics > MAC Forensics > Flashcards

MAC Forensics Flashcards

1
Q

Name two ways to obtain a forensic copy

A

1.Target Disk Mode
2.Network Aquisition
3.Hard Drive Removal

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is Disk Arbitration?

A

A software service, can block mounting/u mounting.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is the command to list attached drives?

A

Sudo diskutil list

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

How do you list information about a particular drive?

A

Sudo diskutil info <drive></drive>

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

How do you start a Mac in target mode?

A

Hold down “t”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Command to transfer data from one computer to another

A

-nc =netcat

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What are the advantages of Network Aquisition?

A
  1. Can do multiple seized computers at once
  2. No need for dns or gateway
How well did you know this?
1
Not at all
2
3
4
5
Perfectly

COMP41950 Adv Forensics (5 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions