Section 31: Incident Response and Forensics Flashcards

1
Q

Legal Hold

A

A process designed to preserve all relevant information when litigation is reasonably expected to occur

2
Q

Timeline

A

A tool that shows the sequence of file system events within a source image in a graphical format

3
Q

Considerations in data collection

A

Capture and hash system images, analyze data with tools, capture screenshots, review network traffic and logs, capture video, consider the order of volatility, etc.

4
Q

Data Acquisition

A

The method and tools used to create a forensically sound copy of data from a source device, such as system memory or a hard disk

5
Q

Order of volatility

A

1. CPU registers and cache memory

2. Contents of system memory (RAM), routing tables, ARP cache, process table, temporary swap files

3. Data on persistent mass storage (HDD/SSD/flash drive)

4. Remote logging and monitoring data

5. Physical configuration and network topology

6. Archival media (backup tapes, offsite storage, CDs, DVDs)

6
Q

dd

A

A command line utility used to copy disk images using a bit-by-bit copying process

7
Q

FTK Imager

A

A data preview and imaging tool that lets you quickly assess electronic data

8
Q

Memdump

A

A command line utility used to dump system memory to the standard output stream by skipping over holes in memory maps

9
Q

WinHex

A

A commercial disk editor and universal hex editor used for data recovery and digital forensics

10
Q

Autopsy

A

A digital forensics platform and graphical interface to The Sleuth Kit

11
Q

Metasploit (MSF)

A

A computer security tool that offers information about software vulnerabilities, supports IDS signature development, and aids penetration testing

12
Q

Browser Exploitation Framework (BeEF)

A

A tool that can hook one or more browsers and can use them as a beachhead

13
Q

Cain and Abel

A

A password recovery tool used to sniff the network and crack passwords

14
Q

John the Ripper

A

An open source password security auditing and password recovery tool available
