Miscellaneous Flashcards
Where is the file signature located for a digital file?
the first 20 bytes of the file
In File Carving, file identification and extraction is based on certain characteristics such as ______ ______ ______ ______ rather than the file extension or metadata.
file header or footer
In this technique, file identification and extraction is based on certain characteristics such as file header or footer rather than the file extension or metadata.
A file header as a signature is also known as?
a magic number
File carving refers to a technique that is used to recover deleted/lost files and fragments of files from the hard disk when?
file system metadata is missing
File carving in SSDs is different from HDDs because?
files deleted from TRIM-enabled SSDs (TRIM is enabled by default) cannot be recovered
In TRIM _______ SSDs, the forensic investigator can perform file carving to recover lost data from the drive.
disabled
In TRIM-disabled SSDs, the forensic investigator can perform file carving to recover lost data from the drive.
When a file is deleted from Linux using the command ______, the _____ pointing to the file gets removed, but the file remains on the disk until it is ______ with new data.
/bin/rm/
inode
overwritten
When a file is deleted from Linux using the command /bin/rm/, the inode pointing to the file gets removed, but the file remains on the disk until it is overwritten with new data.
In Linux, if an executable erases itself, its contents can be retrieved from a ______ memory image.
/proc
In Linux, if an executable erases itself, its contents can be retrieved from a /proc memory image.
What does the HTTP GET method do?
GET is used to request data from a specified resource.
What does the HTTP POST method do?
POST is used to send data to a server to create/update a resource.
What does the HTTP CONNECT method do?
The CONNECT method is used to start two-way communication (a tunnel) with the requested resource.
What is a CFL?
Computer Forensics Lab
What are the 2 main accreditations for forensic lab licensing?
ASCLD/LAB Accreditation
ISO/IEC 17025
What does ASCLD/LAB stand for?
The American Society of Crime Laboratory Directors/Laboratory Accreditation Board
What does ASCLD/LAB do?
They assess and certify the competence of forensic laboratories
What does ASCLD/LAB accreditation enhance for a digital forensics lab?
ASCLD/LAB accreditation enhances the credibility of a digital forensics lab, making its findings more likely to be accepted in court.
ASCLD/LAB accreditation ensures that the lab follows standardized procedures, which is crucial for what?
The reliability and repeatability of forensic investigations.
What is the ISO/IEC 17025 standard?
ISO/IEC 17025 is an international standard that specifies the general requirements for the competence of testing and calibration laboratories. This standard is used by laboratories to develop their quality management systems and ensure they can consistently produce valid results.
Who launched the Computer Forensics Tool Testing Project (CFTT)?
National Institute of Standards and Technology (NIST)
What are the two main types of search warrants for a digital forensics investigation?
Electronic Storage Device Search Warrant, Search Provider Search Warrant
What is the Linux equivalent of the dir command in Windows?
ls
In Windows, where are recently created files located, making it a place to look for malware?
startup or system32 folder