Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Network And Cloud Forensics > Module 6 - Usefulness in Investigations - Virtualized Environments > Flashcards

Module 6 - Usefulness in Investigations - Virtualized Environments Flashcards

Identify principle ways that virtualization helps forensics

1
Q

Benefit of Virtualization

A

can change a static, dead-box analysis to a live analysis, which can be more insightful.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Types of Info / Collection on Virtualized System (4)

A
  • This allows an examiner to see what a user saw
  • Let malware continue to run identifying running processes
  • Allow for the capture of memory, which is helpful after malware launches
  • Allows for logs on the virtual system, e.g., anti-virus logs, to viewed with native applications
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

From memory on live (virtualized) system, can determine: (4)

A
  • open ports and processes
  • Sockets
  • Files loaded into memory
  • Encryption keys
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Virtualization and malware analysis

A
  • simulate Internet connection

- malware may be VM aware

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Snapshots

A
  • can be used to rollback state of VM
How well did you know this?
1
Not at all
2
3
4
5
Perfectly

Network And Cloud Forensics (6 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions