Help
Options
Didn't know it?
click below
click below
Knew it?
click below
click below
Don't Know
Remaining cards (0)
Know
retry
shuffle
restart
0:00
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
C702
C702 Network Forensics
| Term | Definition |
|---|---|
| Hybrid Cloud | 2 or more clouds |
| Community Cloud | 2 or more organizations using a cloud |
| Private Cloud | An organization using its own cloud |
| Public Cloud | One cloud many organizations |
| Rainbow Tables | Used to crack hashed passwords. A password hash table. a table of password hashes created by hashing every possible password and variation thereof to be used in a rainbow attack to recover a plaintext password from a captured ciphertext. |
| Cain and Abel | A password recovery tool for Microsoft OSs. Allows the recovery of passwords by sniffing the network, cracking encrypted passwords using dictionary, brute-force, and cryptanalysis attacks. |
| ophcrack | A free Windows password cracker based on Rainbow Tables. It comes with a GUI and runs on multiple platforms |
| L0phCrack | L0phtCrack is a password auditing and recovery software. It is packed with features such as scheduling, hash extraction from 64-bit Windows versions, multiprocessor algorithms, and network monitoring and decoding. administrative |
| THC Hydra | It is a network logon cracker tool that uses dictionary or brute-force attacks to try various passwords and login combinations against a login page. This tool supports Linux, BSD, Solaris, Mac OS X and any unix and Windows (Cygwin) OSs. |
| Brute Force | need more processing power compared to other attacks |
| Dictionary Attack | The program runs every word present in the dictionary to find the password. This does not work on systems that use passphrase or passwords not contained in a dictionary used |
| Message Header | Consist of fields like From, To, Cc, Subject, and Date, etc. contains information regarding the sender and receiver address, subject, time of creation, delivery stamps, message author, CC, and BCC |
| Email Body | Message and Signature block |
| Netstat | Tool that collects information about network connections operative in a Windows system. Provides a simple view of TCP and UDP connection, their stat and network traffic statistics |
| Nbstat | Helps to troubleshoot NetBIOS name resolution problems. When a network is functioning normally, NetBIOS over TCP/IP (NetBT) resolves NetBIOS names to IP addresses |
| fsstat | Displays the details associated with a file system. The out of this command is file system specific. At a minimum, the range of meta-data values (inode number) and content units (blocks or clusters) are given. Mount times and features |
| Xplico | Extracts the applications data contained from an internet traffic capture |
| Oxygen Forensic Kit | Ready to use and customizable mobile forensic solution for field and in-lab usage. It allows not only extraction of data from the device but also created reports and analyzes data in the field |
| LSAsecretsView | A small utility that displays a list of all LSA secrets stored in the Registry on a computer. Located under HKEY_LOCAL_MAcHINE/Security/Policy/Secrets. It may contain VPN/RAS passwords, Autologon passwords |
| Gargoyle | Steganography Detection Tool. Conducts quick searches on a given computer or machine for known contraband and malicious programs. Finds remnants in a removed program. its signature contains botnets, Trojans, steganography, encryption and keyloggers |
| Recover my Files | Data Recovery Software. Recovers deleted files emptied from the Windows Recycle Bin or lost because of formatting or corruption of a hard drive, virus, or Trojan infection, and unexpected system shutdown or software failure. Previews data "on-the-fly" |
| Ontrack Easy recover | It is a data recovery software ready to retrieve missing files. It recovers data and protects it |
| .EDB | A database file created by teh Windows search feature included with MS Windows. MS exchange file. Server Storage archive |
| .NSF | Can be recovered and extracted by Lotus Notes Forensics Tool. can be found on IBM notes. Server stroage archive |
| .PST | Found on the local Archive. Any archive that has an archive format independent of a mail server. Outlook extension. Outlook Data File |
| .OST | Offline Outlook data file. Syncs a copy of your mailbox when offline and then back to online |
| .NST | Outlook Group Storage File |
| Master Boot Record | MBR. Specifies the location of an OS for the system to load into the main storage. Refers to the 512 byte boot sector or partition sector of a disk |
| HTTP 500 error message | Indicate the occurrence of a SQL injection attack. |
| "An internal server error" or "Problem processing your request" | Indicates a web attack. Also known as HTTP 500 error message |
| Tracks | Concentric rings on the platters that store data; each trach has smaller partitions called disk blocks or sectors. Track numbering starts at 0 and goes to 1023 |
| IIS | Centralized binary logging is a process where most of the websites transmit binary and scattered log data to a single log file |
| ISS file path on a server | %Systemdrive%/inetpub/logs/LogFiles |
| Writer Blocker Tool | Tableau T8-R2 Forensic USB Bridge |
| Tableau's new T8-R2 Forensic USB Bridge | offers secure, hardware-based write blocking of USB mass storage devices |
| File Salvage | Recovers lost files and scratched CD's. Mac |
| OnTrack Easy Recovery | Recovers and protects data |
| Advanced Disk Recovery | Scans system for deleted files and tries to recover them |
| MAC Log Updates | /var/log/install.log install date of system and software updates |
| Azazel | A userland rootkit written in C based off of the original LD_PRELOAD technique from Jynx rootkit. It is more robust and has additional features and focuses heavily on anti-debugging and anti-detection |
| Splunk | A software platform to search, analyze and visualize the machine-generated data gathered from the websites |
| File Carving | A technique to recover files and fragments of files from unallocated space of the hard disk in the absence of file metadata |
| Admissible Evidence | relevant to case, act in support of the client presenting it, and be well communicated |
| Volatile Data | Temporary information on a digital device that requires a constant power supply and is deleted if the power supply is interrupted. system time, logged-on users, network information, process information etc |
| Non-Volatile Data | Permanent data stored on secondary storage devices, such as hard disks and memory cards. Information stored in non-volatile form includes hidden files, slack space, swap file, index.dat files, unallocated clusters, unused partitions etc |
| When is it okay to not have a search warrant? | When evidence is about to destroyed |
| When can you enter premise? | When an authority figure allows you inside |
| Evidence locker recommendations | Place these containers in restricted areas, which are only accessible to lab officers. Protected from unauthorized access by using high-quality padlocks and perform routine inspections |
| RAID 0 | No fault tolerance. Disk Striping. Provides overall performance |
| RAID 1 | Mirroring. Duplicates or copies that derive data on to two different drives |
| RAID 2 | Does not NOT implement any standard technique. It is like striping with parity |
| RAID 3 | It is like striping with parity. Stores checksums |
| RAID 5 | Striping with Parity. Uses 3 or more disks with the equivalent of one disk holding parity information |
| RAID 10 | Stripe of Mirrors |
| JPEG Hex value | FF D8 FF |
| BMP Hex value | 42 4d |
| GIF Hex value | 47 49 46 38 |
| PNG Hex value | 89 50 4e 47 |
| PDF Hex value | 25 50 44 46 |
| TSK fsstat- | Displays general details of a file system. Details associated with a file system. The output command of this command is file system specific |
| TSK istat- | Display details of a meta-data structure (i.e inode). Displays the uid, gid, mode, size, link number, modified, accessed changed times and all the disk units a structure has alloacted |
| TSK fls- | List file and directory names in a disk image and display file names of recently deleted files for the directory using the given inode |
| TSK img_stat- | Displays details of an image file. Displays the details associated with an image file. |
| dcfldd Command | The dd command is a data management tool and not specifically designed for forensics, therefore it has a few drawbacks. Dcfldd includes several features to supports forensics acquisition. Linux acquiring data |
| Netstat | Tool that helps collect infomration about network connections in a Windows system. provides a simple view of TCP and UDP connection. their stat and network traffic statistics |
| Nbtstat | Helps to troubleshoot NetBIOS name resolution problems. When a network is functioning normally, NetBIOS over TCP/IP (NetBT) resolves NetBIOS names to IP addresses |
| fsstat | Displays the details associated with a file system. The output of this command is file system specific |
| .EDB | A database file created by the Windows search feature. It contains indexed information about files that have been searched for in the Windows search feature. MS exchange file. Server storage archive |
| .NSF | Can be recovered and extracted by Lotus Notes Forensics Tool. Can be found on IBM notes. Server storage archive |
| .PST | Can be found on a Local Archive. Any archive that has an archival format independent of a mail server. Outlook extension. Outlook Data File |
| .OST | Offline Outlook data file. Syncs copy of your mailbox when offline and then back to online |
| .NST | Outlook Group Storage file |
Created by:
zstudycards
Popular Computers sets