60 Cards in this Set
motion in limine |
-a written list of objections to pieces of evidence
-allows the judge to decide whether evidence would bias the jury or damage the case
-occurs before trial, before the jury is present |
|
honeypot |
-a computer or network set up to lure an attacker |
|
curriculum vitae |
extensive outline of professional history
-education
-training
-work
-cases worked on
-publications contributed to
-associates, awards, etc. |
|
spoliation of evidence |
destroying or concealing evidence; this action is subject to sanctions |
|
data carving |
|
|
packet sniffer |
devices and software used to examine network traffic (on TCP/IP networks they examine packets, hence the name)
-Work on layer 2 or 3 of the OSI model |
|
phishing |
a type of email scam, typically sent as spam, that solicits personal identity information fraudsters can use for identity theft |
|
GSM |
Global System for Mobile Communications
-2nd generation cellular network standard
-most popular cellular network
-TDMA, so multiple phones take turns sharing a channel |
|
CDMA |
Code Division Multiple Access
-makes use of spread spectrum modulation to spread the signal across a wide range of frequencies |
|
sim cards |
Subscriber Identity Module cards
-most common in GSM devices
-similar to standard memory cards
-the SIM card is necessary for the ME (mobile equipment) to work
-identifies the subscriber to the network
-stores personal info
-stores address books and messages
-stores service-related info
-allows service to switch easily |
|
router |
|
|
|
switch |
|
|
spoofing |
-transmitting an email message with its header info altered so that it appears to come from a different sender
-also referred to as "forged emails." -typically used in phishing and spamming to hide the sender's identity. |
|
FRCP |
Federal Rules of Civil Procedure
-Rule 26 requires parties who anticipate calling an expert witness to testify to provide a copy of the expert's written report, which includes:
-all opinions
-the basis for the opinions
-the information considered in coming to those opinions |
|
FRCrP |
Federal Rules of Criminal Procedure
When dealing with someone charged in a criminal case, the rights of the individual take precedence.
-Rule 41: Search and Seizure - how evidence can be obtained in a criminal investigation
-amended in December 2011
-outlines what needs to be provided and how evidence should and should not be seized
-includes Fourth Amendment rights |
|
EDRM |
Electronic Discovery Reference Model
-information management, identification, preservation, collection, processing, review, analysis, production and presentation (IIPCPRAPP)
-a roadmap for handling overwhelming amounts of electronic evidence |
|
legal hold |
-an order to preserve data in anticipation of litigation, an audit, a government investigation or another matter
-prohibits people from destroying or processing records |
|
load file |
a set of scanned images or electronically processed files that might contain attachments to documents, emails, or files. Load files are used by the top three tools for trial presentation to import and export documents from litigation databases. |
|
HEFS |
|
|
How do you hide data in HEFS? |
|
|
What factors limit the seizure of hardware? |
|
|
What are the main issues with mobile device seizure? |
|
|
How do you access routers or switches? |
You have to access them some way other than through a network connection, typically by connecting to them directly or by SSHing into them. WHY? |
|
Items found in mobile devices...(Mobile forensics) |
|
|
Explain why investigating mobile devices is the most challenging task in digital forensics |
|
|
During an incident, you want to collect and review network diagrams – what potential issues might you expect to find when you request network diagrams? |
|
|
Detail the process for live Windows acquisition |
|
|
Discuss EDRM process... |
|
|
Live response methodologies - describe each one, tools to use, pros and cons of each, what kind of info to extract, significance of data |
|
|
Walk through process of switch or router investigation |
|
|
What to do and what not to do when collecting volatile data from a Cisco router (include how to connect and collect the data) |
|
|
Walk through what is a final report |
|
|
E-Discovery process - walk through from plaintiff's perspective (steps to follow) |
|
|
Locard's Exchange Principle - walk through it |
|
|
PHI |
Personal Health Information
-confidential information collected by medical providers for the purpose of treatment (tests, lab results, insurance data, etc.)
-this information is covered under HIPAA |
|
PII |
Personally Identifiable Information
-birthdate, SSN, etc. |
|
NPI |
Nonpublic personal information
-data that can specify an individual (SSN) |
|
ESI |
Electronically stored information
-any info stored electronically or in digital format |
|
Walk through procedure for processing a mobile device |
|
|
Fuzzy |
a sophisticated search method that finds even misspelled words |
|
Stemming |
a search method that finds all variations of a word |
|
Phonic |
a search method used for variations on spelling (useful for non-native speakers) |
|
Synonym |
a search method used to find words with similar meanings (requires uploading a thesaurus) |
|
Boolean Operators |
-and, or, and not operators used when performing keyword searches on ESI (electronically stored information)
-true or false values returned to indicate whether a keyword meets search criteria |
|
pattern search |
search method used to find items that follow a specific pattern of letters or numbers (phone numbers, credit cards, IP addresses) |
|
antiforensics - what it does, why people use it |
methods of deleting, altering or hiding evidence to obstruct a digital forensics investigation
-interference - an attempt to throw people off the case
-ranges from emptying the recycle bin to hard drive configuration
-traces of anti-forensics are stored in the Windows registry
-if you suspect information was deleted or altered, you should try to get forensic images of the hard drive; these drive images will reflect evidence of deletions or alterations |
|
voir dire |
during the qualification phase of testimony, your attorney asks you questions to establish your credentials as an expert witness (the process of qualifying jurors is also called voir dire) |
|
How to process a scene |
|
|
Log file analysis – during an intrusion, two indicators are commonly found in log files – what are the two? – multiple login attempts, etc. (syslog and system event logs; multiple login attempts that fail, and connection attempts that fail) |
|
|
two modes needed to connect to a router |
|
|
common router attacks |
|
|
command used to store and reload configuration files |
|
|
how to collect non-volatile data |
|
|
key info from media header |
|
|
for digital evidence to be used in any type of legal process it must meet five conditions – what are they? |
|
|
Validating forensic data – explain the most critical aspect of computer forensics: ensuring the integrity of the data for its use in a court of law |
|
Daubert warnings??? |
|
|
packet sniffing - who/why |
Network admins use sniffers for increasing security and tracking bottlenecks. However, attackers can use them to obtain information illegally. |
|
wild card search |
a search method that uses a question mark to search for a single character variation or an asterisk to match a combination of characters |
|
evidence must be... |
admissible, authentic, complete, reliable and believable |