Cyber_4ens_part
Question | Answer |
---|---|
4th amendment | protects everyone's right to be secure in their person, residence, and property |
Police workstation | one computer every 250,000 |
Live Acquisition | data can be changed; it also captures memory and can easily solve the problem of an encrypted disk |
static acquisition | data cannot be changed |
main formats for data storage | raw, proprietary, advanced forensics |
method of data acquisition | disk to image, disk to disk, logical |
private sector investigation | don't do any further investigation until you receive a court order |
Windows startup task | we learn what files are accessed when Windows starts, which will help determine when the computer was last accessed |
evaluating forensics tools | validating yourself experience, NIST tools, validation protocol |
4 blocks component in Unix | boot block, super block, inode, data block |
2 Linux loaders | LILO, GRUB |
how to validate data with FTK and ProDiscover | use KFF (Smartfile), using .eve file |
main data hiding | file manipulation, encryption, disk manipulation |
graphics format type | bitmap, vector, metafile |
network forensics | systematic tracking of incoming and outgoing traffic. Ascertains how an attack was carried out or how an event occurred on a network |
how to examine e-mail headers | return path, name of the e-mail server, recipient's e-mail address, IP address of sending server, unique message #, date and time e-mail was sent |