Module 1 - Insider Threats Flashcards

1
Q

Intrusion Definition

A

unauthorized access to a computer system

2
Q

Protections - Government (1) vs. non-government (3)

A

Computer Fraud and Abuse Act

Private:
employment agreements
computer/end-user agreements
corporate policies

3
Q

Unintentional Intrusion (causes)

A
  • snooping through an organization
  • not adhering to IT policies

4
Q

Unintentional Intrusion (results)

A

data and systems inadvertently altered (deleted or modified)

5
Q

Intentional Intrusion (results)

A
  • accessing info without authorization
  • theft of data
  • damage to computer system
  • removing security safeguards
6
Q

Candidates for intentional

A
  • disgruntled employees
  • employees giving into temptation
  • employees who may have substantial financial gain
7
Q

Insider Threat Means (5)

A
  • physical access
  • within perimeter defenses
  • already have access to sensitive info
  • system admins with universal access
  • difficult to detect and defend
8
Q

Methods of Exfil (6)

A
  • corporate e-mail
  • personal e-mail
  • printing
  • web site
  • drop sites (Dropbox, iCloud, Google Docs)
  • external media
9
Q

Artifacts (5)

A
  • auditing of sensitive data
  • Windows Registry
  • corporate e-mail
  • Internet history
  • Windows event logs
10
Q

Autopsy - history

A
Graphical interface for Sleuth Kit
Brian Carrier and Basis Technology
free
- Ver 2 (Linux and OS X)
- Ver 3 (Windows 32 & 64)
- Add-on Modules/Plugins (Videos/Registry)
11
Q

Autopsy Start up Procedures

A

Create case
add evidence file
preprocessing / run ingest modules
building database

12
Q

Autopsy case file extension

A

aut

13
Q

Autopsy Data Source Options

A

Image Files
Local Disk
Logical Files

14
Q

Autopsy Modules with Additional Options (2)

A

Hash Lookup

Keyword Search

15
Q

Autopsy Keyword Search Options (4)

A

Phone Numbers
IP Addresses
Email Addresses
URLs

16
Q

Autopsy - Views - File Types

A

Images
Documents
Executables (.dll, .bat, .cmd, .exe, .com)

17
Q

Autopsy Results - Extracted Content

A

Recent Documents
Installed Programs
Web History
Web Search

18
Q

Autopsy - To Extract

A

Right click file - Extract file(s)

19
Q

Autopsy Plugins

A

Tools - Plug-ins

20
Q

Autopsy Options menu

A
Tools - Options:
display settings
time zone setting
keyword searches
hashes
general settings
21
Q

Windows XP/7 Event Logs

A

Application.evt / Application.evtx
System.evt / System.evtx
Security.evt / Security.evtx

/Windows/System32/winevt/Logs

22
Q

Event Code for USB device driver install

A

10000

23
Q

Output for Windows Registry extractor Module

A

\ModuleOutput\Windows Registry Extractor

24
Q

Registry for USB Storage

A

\SYSTEM\ControlSet001\Enum\USBSTOR\