19 Cards in this Set
- Front
- Back
Bit-for-bit copy |
An exact replica of the bits from either a logical volume or a physical drive. When the copy is made to a file it is called a forensic image file. When the copy is made to another disk it is called a clone. |
|
Bit-stream image |
Same as bit-for-bit copy. |
|
Bitlocker |
Full disk encryption solution from Microsoft. Encrypts Logical Volumes. |
|
Clone |
An exact replica or bit-for-bit copy of one disk onto another disk. |
|
Cryptographic hash |
MD5 or SHA-1 |
|
Cyclic Redundancy Check (CRC) |
CRC is an error checking mechanism often used to compare two sets of data in order to detect errors during transmission. It is less compute intensive than MD5 or SHA-1 hash algorithms but still provides a statistically sufficient validation. |
|
Dead imaging |
When a disk is removed from a computer system and reattached via a write-blocker to another system that can acquire the contents of the disk, it is called dead imaging. |
|
Disk Image File |
A file containing an exact copy of a physical disk or logical volume. Tools like dd, dcfldd and FTK Imager can create disk image files. ISO images are disk images of data CDs or DVDs. |
|
Embedded image |
Disk images that contain metadata about the image, such as a timestamp when the image was created and a cryptographic hash. E01 (Expert Witness) images are embedded images that contain an acquisition hash, CRC calculations after each data block and case information. |
|
Fingerprint |
An identifier for a particular forensic image. See cryptographic hash. |
|
Forensic duplicate |
A copy of a logical volume or physical disk that has been copied bit-for-bit so that it includes all data and metadata. |
|
Forensic image |
A copy of a logical volume or physical disk that has been copied bit-for-bit so that it includes all data and metadata. |
|
ISO image |
ISO images are exact copies or images of data CDs or data DVDs. |
|
Live imaging |
When a disk cannot be removed from a running system and its contents are acquired during normal operation, the contents of the disk may change during or after the live-imaging process because the disk will not likely be mounted read-only. |
|
Logical volume |
A partition that has been formatted with a file system makes up a logical volume. |
|
MBR - Master Boot Record |
The first sector of a physical disk contains the MBR. The MBR identifies up to four partitions on a disk by giving the starting location, length of partition and the file system type it contains. |
|
Memory Image File |
A file containing an exact copy of a computer’s physical memory. Since the contents of memory are volatile and not static, a memory image is like a snapshot from a specific point in time. |
|
Metadata |
Metadata is data describing other data. For example, the metadata in a Microsoft WORD document will contain the filename, the size of the file, permissions associated with the file etc. This is not data that is visible within the document. It is data about the document. |
|
What is the difference between an image and a clone? |
An image is a duplicate of a physical drive that is written to a file. A clone is a bit-for-bit copy of a physical drive directly onto another disk. (Think of E01 files as images and the Device (Clone) option in Paladin as a clone.) |