11181935
Description
Flashcards by DJ Perrone, updated more than 1 year ago
|
|
Created by DJ Perrone
over 6 years ago
|
|
| Question | Answer |
| What is E-Discovery? | When evidence is recovered from electronic devices |
| What is an asset? | - An item of value - Can be digital or physical |
| What is a DRP? | Data Recovery Plan |
| What is a full backup? | - When all data is backed up. - Archive bit is cleared |
| What is an incrememental backup? | When backups are only accomplished on files that have been created or modified since last incremental. - Archive bit is cleared. |
| What is a differential backup? | Backups are completed on data created since last full backup. - Archive bit is not cleared |
| What is copy backup? | Not considered part of scheduled backup scheme. Do not reset the files archive bit. |
| What is a daily backup? | Use a file's timestamp to determine if it needs to be archived. - Popular is mission-critical environments. |
| What is a transaction log backup? | Captures all transactions that have occurred since last backup. |
| What is a FIFO backup scheme? | - First in, First Out - The newest backup is saved to the oldest media. - Does not protect against data errors. |
| What is a GFS backup scheme? | Grandfather, Father, Son -3 Sets of backups - Daily(S), Weekly(F), Monthly(G) - Son advances to father, father advances to grandfather |
| What is electronic vaulting? | - Copies files as modifications. - Real time |
| What is remote journaling? | - Copies the journal (transaction log) offside - Scheduled, occurs in batches |
| What is tape vaulting? | - Backups over direct line to off site facility - Off side backups |
| What is Hierarchical Storage Management (HSM) | - Stores frequently accessed data on faster media. - Store infrequently accessed data on slower media. |
| What is an optical jukebox? | - Stores data on optical disks. - Robots load and unload disks as needed - Ideal for 24.7 availability |
| What is replication? | Copies data from one location to another. |
| What is data purging? | Uses degausing, makes data unavailable to forensics. - Data is unrecoverable against laboratory attacks. |
| What is data clearing? | Rendering information unrecoverable by keyboard. |
| What is Remanence? | Any data left over from erased media. |
| What is a data breach? | Any incident where private/confidential information is released to unauthorized parties. |
| What is a PIA? | Privacy Impact Assessment - Risk assessment that determines risk of PII. |
| What are the 5 rules that digital evidence must adhere too? | - Authentic - Accurate - Complete - Convincing - Admissible |
| What is surveillance? | The act of monitoring behavior, activities or other changing activities. |
| What are two types of surveillance? | - Physical - Computer |
| What are some types of media analysis? | - Disk imaging - Slack space analysis - Content analysis - Steganography Analysis |
| What is disk imaging? | Creating an exact copy of HDD contents. |
| What is slack space analysis? | Analyzing empty or reusable space on drive to see if there is remains of older data. |
| What is content analysis? | Analyzing contents of drive and giving a report detailing the types of data by percentage. |
| What is steganography analysis? | Analyzing files on a drive to discover encryption used on the file. |
| What are some types of software analysis? | - Content analysis - Reverse engineering - Author identification - Context analysis |
| What is content analysis? | Analyzing the content of software to determine purpose for which the software was created. - Used heavily in malware analysis |
| What is reverse engineering? | Retrieving the source code from a program to study how the program performs. |
| What is author identification? | Attempting to determine the software's author. |
| What is context analysis? | Analyzing the environment the software was found to discover clues related to determining risk. |
| What are some types of network analysis? | - Communications analysis - Log analysis - Path tracing |
| What is communications analysis? | Analyzes traffic over the network for specific types of activity. |
| What is log analysis? | Analyzing network traffic logs. |
| What is path tracing? | Tracing the path of a particular traffic packet to determine route used by the attacker. |
| What is RFC 3327? | Order of volatility Guidelines for Evidence Collection and Archiving |
| What are the first four orders of data volatility? | - Memory Contents - Swap files - Routing table, ARP cache - File system information |
| What are the last four orders of data volatility | - Raw disk blocks - Remote logging and monitoring - Physical config and topology - Archival media |
Want to create your own Flashcards for free with GoConqr? Learn more.