21 Cards in this Set
- Front
- Back
What is the Chain of Custody? |
Documentation that shows where evidence has been. |
|
What are the steps for collecting digital evidence? |
|
|
Creating a bit-level copy of a drive ensures? |
That the entire disk is captured. |
|
The investigation is performed on the ___________ and not the _____________? |
The Image, Original. |
|
Performing a live acquisition allows for? |
|
|
A best practice when acquiring evidence is to? |
Create multiple copies of the forensic image using different imaging tools. |
|
Where can evidence be found on a computer? |
|
|
Where should you collect evidence from first? |
From volatile memory areas then nonvolatile areas.
|
|
The first step of the first responder is? |
Assess the situation and contain the incident and determine what systems are affected. |
|
What are the steps when responding to a Common Incident? |
|
|
What are the steps when reviewing a Common Incident? |
|
|
What is a Hex editor? |
Allows you to view the low-level content of a file or disk. |
|
On mobile devices, where do you search for evidence? |
|
|
The three things to consider when performing mobile forensics? |
|
|
What is a Faraday bag used for? |
To block any signal to a mobile device. |
|
What does CIRT stand for? |
Computer Incident Response Team |
|
Who are the members of the CIRT? |
|
|
Name two password cracking tools? |
|
|
Name a live analysis tool? |
Helix has tools that can monitor processes, locate graphic files, view PST files, mail passwords and internet files. |
|
What is ProDiscover? |
A computer forensic analysis tool that includes methods of securely wiping a disk, acquiring a bit-level copy of the disk, and analyzing the evidence from the image file or disk directly. |
|
A KFF is a what? |
A Known File Filter that will block out operating system and other files using their hash values. |