Section 32: Digital Forensic Tools Flashcards

1
Q

Foremost

A

▪ A forensic data recovery program that is commonly used to conduct file carving to extract deleted or corrupted data from a disk partition

2
Q

Encase and FTK

A

Both have the ability to recover deleted files and perform basic file carving

3
Q

Hexdump

A

A cross-platform tool that can be used to extract data from binary files and display their contents to the screen in hexadecimal, decimal, octal, or ASCII formats

4
Q

Binwalk

A

A binary firmware image inspection tool that can be used to understand the components, characteristics, and composition of a binary firmware image

▪ Used when analyzing a file to determine if it is compressed, obfuscated, or encrypted by displaying a graph of the amount of entropy in the file’s contents

5
Q

Ghidra

A

An open-source, cross-platform Java-based utility used to conduct software reverse engineering

6
Q

Ollydbg

A

A graphical debugger alternative to GDB that is used with the Windows operating system

▪ Used to convert the binary code of 1s and 0s back into something like assembly language

7
Q

Readelf

A

A Linux utility that can read the Executable and Linkable Format in an object file, which is known as ELF

▪ Contains the different structures that make the program operate properly

8
Q

Objdump

A

▪ A utility that is used to analyze object files, similar to readelf, but it also includes a disassembler to reveal the assembler commands used by the binary or program

9
Q

Strace

A

A Linux utility that can identify the interactions made between different processes and the Linux kernel

10
Q

Ldd

A

▪ A Linux utility that is used to display a program’s dependencies
▪ Useful during a forensic malware analysis

11
Q

File

A

▪ A Linux utility that is used to display the type of file being inspected
▪ Uses the first two hexadecimal bytes, known as the “magic bytes”, to determine the file type

12
Q

Exiftool

A

▪ A cross-platform utility written in Perl that can be used to read and write metadata from different file formats

▪ Used to read metadata

13
Q

Volatility Framework

A

▪ An open-source memory forensics tool that has many different modules for analyzing specific elements of memory
▪ Volatility is a text-based command line interface tool that allows you to take a memory dump of a system

14
Q

FTK Imager

A

Forensic Toolkit Imager
▪ A forensically-sound software tool that can be used to create a disk image
▪ Only works on a Windows laptop or desktop to capture the contents of a hard drive
▪ Documents the chain of custody
▪ Uses graphical user interface like most Windows programs
▪ The image can be read and analyzed by FTK, EnCase, or the Sleuth Kit

15
Q

dd Utility

A

▪ Found in all versions of the Linux and Unix operating system
▪ Used to create a bit-by-bit copy of a hard drive from the command line or shell environment in Linux

▪ Does not automatically create a chain of custody
▪ Requires a proper syntax at the command line

16
Q

Ssdeep

A

● Another hashing utility, but it is not used to create a hash of the evidence or disk image
● Used for recursive computing and matching of Context Triggered Piecewise Hashing, also known as Fuzzy Hashing
o Fuzzy hashing
▪ Used to compare similar, but not identical, files

17
Q

Nbtstat

A

▪ A utility that provides protocol statistics and current connections using NetBIOS over TCP/IP
▪ Only used on Windows systems

18
Q

Process Status (PS)

A

▪ A utility that gives us the process status for any currently running processes on a Linux system
▪ Only used in Linux, Unix, and Mac systems

19
Q

Ldd

A

▪ A Linux utility that is used to display a program’s dependencies
▪ Identifies all of the shared libraries that are required by a particular program or binary

20
Q

Lsof

A

▪ A Linux utility that is used to display a list of open files and the name of associated processes using those files
▪ Can identify any files and processes

21
Q

Netcat

A

▪ A networking utility that can read or write raw data to network connections using either TCP or UDP
▪ Used in Unix, Linux, and Windows
▪ Performs port scanning, file transfers, and port listening, and can even be used as a backdoor to a system

22
Q

Conntrack

A

▪ A Linux command line utility that allows an investigator to interact with the connection tracking system in Linux
▪ Can show, delete, and update table entries or listen to different traffic flow events