Section 31: Incident Response and Forensics Flashcards
Legal Hold
A process designed to preserve all relevant information when litigation is reasonably expected to occur
Timeline
A tool that shows the sequence of file system events within a source image in a graphical format
Considerations in data collection
Capture and hash system images, analyze data with tools, capture screenshots, review network traffic and logs, capture video, consider order of volatility, etc.
Data Acquisition
The method and tools used to create a forensically sound copy of data from a source device, such as system memory or a hard disk
Order of volatility
CPU registers and cache memory
Contents of system memory (RAM), routing tables, ARP cache, process table, temporary swap files
Data on persistent mass storage (HDD/SSD/flash drive)
Remote logging and monitoring data
Physical configuration and network topology
Archival media (backup tapes, offsite storage, CDs, DVDs)
dd
A command line utility used to copy disk images using a bit-by-bit copying process
FTK Imager
A data preview and imaging tool that lets you quickly assess electronic data
Memdump
A command line utility used to dump system memory to the standard output stream by skipping over holes in memory maps
WinHex
A commercial disk editor and universal hex editor used for data recovery and digital forensics
Autopsy
A digital forensics platform and graphical interface to The Sleuth Kit
Metasploit (MSF)
A computer security tool that offers information about software vulnerabilities, aids IDS signature development, and supports penetration testing
Browser Exploitation Framework (BeEF)
A tool that can hook one or more browsers and can use them as a beachhead
Cain and Abel
A password recovery tool used to sniff the network and crack passwords
John the Ripper
An open source password security auditing and password recovery tool