2.4 Incident Respone and Recovery Procedures

DJ Perrone
Flashcards by DJ Perrone, updated more than 1 year ago
DJ Perrone
Created by DJ Perrone almost 3 years ago


Conduct incident response and recovery procedures.

Resource summary

Question Answer
What is E-Discovery? When evidence is recovered from electronic devices
What is an asset? - An item of value - Can be digital or physical
What is a DRP? Data Recovery Plan
What is a full backup? - When all data is backed up. - Archive bit is cleared
What is an incrememental backup? When backups are only accomplished on files that have been created or modified since last incremental. - Archive bit is cleared.
What is a differential backup? Backups are completed on data created since last full backup. - Archive bit is not cleared
What is copy backup? Not considered part of scheduled backup scheme. Do not reset the files archive bit.
What is a daily backup? Use a file's timestamp to determine if it needs to be archived. - Popular is mission-critical environments.
What is a transaction log backup? Captures all transactions that have occurred since last backup.
What is a FIFO backup scheme? - First in, First Out - The newest backup is saved to the oldest media. - Does not protect against data errors.
What is a GFS backup scheme? Grandfather, Father, Son -3 Sets of backups - Daily(S), Weekly(F), Monthly(G) - Son advances to father, father advances to grandfather
What is electronic vaulting? - Copies files as modifications. - Real time
What is remote journaling? - Copies the journal (transaction log) offside - Scheduled, occurs in batches
What is tape vaulting? - Backups over direct line to off site facility - Off side backups
What is Hierarchical Storage Management (HSM) - Stores frequently accessed data on faster media. - Store infrequently accessed data on slower media.
What is an optical jukebox? - Stores data on optical disks. - Robots load and unload disks as needed - Ideal for 24.7 availability
What is replication? Copies data from one location to another.
What is data purging? Uses degausing, makes data unavailable to forensics. - Data is unrecoverable against laboratory attacks.
What is data clearing? Rendering information unrecoverable by keyboard.
What is Remanence? Any data left over from erased media.
What is a data breach? Any incident where private/confidential information is released to unauthorized parties.
What is a PIA? Privacy Impact Assessment - Risk assessment that determines risk of PII.
What are the 5 rules that digital evidence must adhere too? - Authentic - Accurate - Complete - Convincing - Admissible
What is surveillance? The act of monitoring behavior, activities or other changing activities.
What are two types of surveillance? - Physical - Computer
What are some types of media analysis? - Disk imaging - Slack space analysis - Content analysis - Steganography Analysis
What is disk imaging? Creating an exact copy of HDD contents.
What is slack space analysis? Analyzing empty or reusable space on drive to see if there is remains of older data.
What is content analysis? Analyzing contents of drive and giving a report detailing the types of data by percentage.
What is steganography analysis? Analyzing files on a drive to discover encryption used on the file.
What are some types of software analysis? - Content analysis - Reverse engineering - Author identification - Context analysis
What is content analysis? Analyzing the content of software to determine purpose for which the software was created. - Used heavily in malware analysis
What is reverse engineering? Retrieving the source code from a program to study how the program performs.
What is author identification? Attempting to determine the software's author.
What is context analysis? Analyzing the environment the software was found to discover clues related to determining risk.
What are some types of network analysis? - Communications analysis - Log analysis - Path tracing
What is communications analysis? Analyzes traffic over the network for specific types of activity.
What is log analysis? Analyzing network traffic logs.
What is path tracing? Tracing the path of a particular traffic packet to determine route used by the attacker.
What is RFC 3327? Order of volatility Guidelines for Evidence Collection and Archiving
What are the first four orders of data volatility? - Memory Contents - Swap files - Routing table, ARP cache - File system information
What are the last four orders of data volatility - Raw disk blocks - Remote logging and monitoring - Physical config and topology - Archival media
Show full summary Hide full summary


Sarbanes-Oxley and Beyond
Chapter 4 Audit Quiz
Stephany Fox
Mock In class test
Recovery after exercise
Tamara Lancaster
Audit Midterm 2
Isabel Robles
How much do you know about the MED EEB Community?
Kinga Konya
SA 200 General Terms and Definitions
Mary Geraldin
Main elements of an effective health and safety management system