Related Essays

  • Digital Forensic Investigation

    Finally, reviewing log files for the information systems and from network devices will also be conducted for any digital evidence regarding the internal skim...

  • Loss Of Evidence

    Preserving and maintaining evidence in a forensic lab that was collected at a scene is crucial when conducting an investigation. A device that is suspected t...

  • Computer Forensic Investigation

    In computer forensic investigation, the first pro-active step is that of acquisition. However, the method used for data acquisition by a forensics investigat...

  • What Is The Nature Of The Crime Influence A Prospective Investigation

    Any valuable information/evidence such as potential email messages will be brought forward to the attorney. All storage hardware will be compensated for inve...

  • Forensic Investigation Failure

    Secondly is to protect and secure the useful promising information that is relevant to the computer. An investigator should ensure that no available evidenc...

  • Security Analysis Of Yahoo

    In this, it is highly expected that all members of the IT team should be aware of the roles that they are supposed to take for purposes of reporting any inci...

  • Case Study: Sysadmin, Audit, Network And Security Institute

    SANS computer security incident handling step by step was published with a proper listening of an IRP. • System Security Plan: An overview of the security ...

  • Forensic Investigations

    Digital devices today, such as smartphones and computers, contain a plethora of information about its owner. During a forensic investigation, the investigato...

  • Digital Forensics

    All evidence must be handled according to established guidelines. a. PERSONNEL RESPONSIBILITIES Chain of custody and the protection of evidence are para...

  • Enterprise Vulnerability Management Essay

    b) Assessment: This further can be divided into different steps: 1. Documented Policy: There need to be a documented policy which will lead you to solving ...

  • Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

Card Range To Study

through

image

Play button

image

Play button

image

Progress

1/21

Click to flip

Use LEFT and RIGHT arrow keys to navigate between flashcards;

Use UP and DOWN arrow keys to flip the card;

H to show hint;

A reads text to speech;

21 Cards in this Set

  • Front
  • Back

What is the Chain of Custody?

Documentation that shows where evidence has been.

Collecting digital steps are?
  1. Seize the Evidence
  2. Acquire Evidence
  3. Verify the Evidence
  4. Analyze the Evidence
  5. File filtering
  6. RAID array
  7. Network traffic logs
  8. Witness
  9. Big data analysis
  10. Report on Findings

Creating a bit-level copy of drive ensures?

That the entire disk is captured.

The investigation is performed on the ___________ and not the _____________?

The Image, Original.

Performing a live acquisition allows for?
  1. Capturing the contents of memory
  2. Capture the contents of an encrypted drive.

It is a best practice to when acquiring evidence is to?

Create multiple copies of the forensic image using different imaging tools..

Where can evidence be found on a computer?
  1. Memory
  2. Swap file
  3. Hard drive
  4. DVD
  5. Mobile device

Where should you collect evidence from first?

From volatile memory areas then nonvolatile areas.


  1. RAM
  2. Swap file
  3. Hard disk
  4. CD/DVD-rom

The first step of the first responder is?

Assess the situation and contain the incident and determine what systems are affected.

What are the steps when responding to a Common Incident.
  1. Prepare for security incident
  2. Incident Identification
  3. Escalation and notification
  4. Mitigate

What are the steps when reviewing a Common Incident.
  1. Look at lessons learned
  2. Create a report
  3. Recovery/restoration procedures
  4. Incident isolation
  5. Quarantine
  6. Data breach
  7. Damage and loss control

What is a Hex editor?

Allows you to view the low-level content of a file or disk.

On mobile devices where you search for evidence?
  1. ROM
  2. EEPROM
  3. SIM card
  4. Memory

The three things to consider when performing mobile forensics?
  1. Maintaining power
  2. Prevent synchronization
  3. Prevent remote wipe

What is a Faraday bag used for?

To block any signal to a mobile device.

What is CIRT stand for?

Computer Incident Response Team

Who are the members of the CIRT
  1. Team Leader: organizes the team
  2. Technical Specialist: assess damage and fix
  3. Documentation Specialist: controls documentation
  4. Legal advisor: Knows the law and regulations

Name two password cracking tools?
  1. Cain and Abel
  2. Snadboy's Revelation

Name a Live Analysis tools?

Helix has tools that can monitor processes locate graphic files, view PST files, mail passwords and internet files.

What is ProDiscover?

A computer forensic analysis tool that includes methods of securely wiping a disk acquiring a bit-level copy of the disk and analyzing the evidence form the image file or disk directly.

A KFF is a what?

a Known File Filter that will block out operating system and other files using their hash values.