What are the types of cybercrime investigation approaches?
Civil
Criminal
Administrative
Punative
Describe civil cybercrime
... [Show More] investigation
...
Describe Criminal cybercrime investigation
...
Describe administrative cybercrime investigation
...
Describe Punitive cybercrime investigation
...
What type of cybercrime investigation is being used when warnings for policy violations are performed?
Administrative cybercrime investigation
What is Enterprise Theory of Investigation?
It applies a holistic approach toward any criminal activity as a criminal operation
What is the Racketeering Influenced and Corrupt Organizations Act
...
What is Law Enforcement Cyber Incident Reporting
...
What is Evidence Examination
...
What does a forensic investigator need to obtain before seizing a computer in a criminal case?
A court warrant
What is a chain of custody document?
...
Permission
...
Crime report
...
How do you check to see if an application was ever installed on a computer?
the logs
Penetration Test
...
Describe Risk Analysis
...
Security review
...
What characteristic describes an orgs forensic readiness in the context of cybercrimes?
It includes cost considerations
Who must sign a chain of custody document?
Everyone who obtains access to the item
Mailbombing
...
What forensic step includes duplicating and imagine the digital evidence?
acquiring data
forensic step securing evidence
...
forensic step analyzing data
...
forensic step assessing evidence
...
What is the last step in an investigation that requires a forensic investigator?
Testifying in court
How can you determine if an android phone is on without changing evidence or interacting with the operating system?
Look for blinking lights
What is an alternative to a faraday bag?
Aluminum foil
What determines if a technology used by the government to obtain information in a computer search is considered innovative and requires a search warrant?
Whether the technology is available to the public
In what situation can evidence be seized without a search warrant?
The evidence is in immediate danger
What legal document contains a summary of findings and is used to prosecute?
Investigation Report
What does a search warrant include?
...
What is search and seizure?
...
What is on a chain of custody document?
...
What does a faraday bag do?
It stops signals from getting to a device inside it
Describe ethical behavior when an investigator is testifying
Providing and explaining facts. Nothing more, nothing less.
Describe the 4th ammendment
...
Describe the Stored Communications Act
...
Describe the Federal Rules of Evidence
...
Describe Net Neutrality Bill
...
Where are system logs found on a mac?
/var/log/
What are found at /var/log/?
Mac system files
What are found at /var/audit?
...
What tool can you use to view data from Linux kernal ring buffers?
dmesg
What does the dmesg command do?
It allows the viewing of Linux kernal ring buffers and other system files
What does fsck do?
...
Describe the tool Quick Recovery
...
Describe the tool Handy Recovery
...
Describe the tool EaseUS Data Recovery
You can use it to find Adobe PDF files in a bit-stream copy of a harddrive that has been reformatted
Describe the tool Stellar Data Recovery
...
What are important hexidecimal values?
...
What does 0xFFD8 represent?
JPEG images
What does 0x424D represent?
...
What does 0xD0CF11E0A1B11AE1 represent?
...
What does 0x504B030414000600 represent?
...
What does whitespace steganography mean?
...
What does folder steganography mean?
Allows a person to physically move a file but keep the associated files in their original place for recovery
What does image steganography mean?
embedding data in an image
What does web steganography mean?
...
Describe stego-only
...
Describe known-stego
...
Describe known-message
When the text and output image are known but the algo isn't
Describe chosen-message
When the text is chosen and used to determine the algo used to hide it in an image
What system does DaveGrohl target?
OSX
What is DaveGrohl?
An OSX password cracker
Describe what cain and able is and what systems it works on
...
Describe what l0phtcrack is and what systems it works on
...
Describe what Ophcrack is and what systems it works on
...
Describe what Kibana is and what systems it works on
...
Describe what OSSEC is and what systems it works on
...
Describe what syslog-ng is and what systems it works on
...
Describe what wireshark is and what systems it works on
...
Describe what EnCase is and what systems it works on
It allows you to review or process information in windows without the window api
Describe what netstat is and what systems it works on
...
Describe what dd is and what systems it works on
...
Describe what LogMeister is and what systems it works on
...
What web-based app attack corrupts the execution stack of a web app?
BufferOverflow
Describe a bufferoverflow
...
Describe cookie poisoning
...
Describe SQL injection
Using non-validated SQL requests to access data not intended to be accessed. Usually includes closing the original search query and then writing your own all in the search box
Describe Denial of Service
When someone purpose overwhelms a computer with too much traffic until it is unable to handle it and crashes or reboots. This blocks legitimate traffic from reaching its intended location and makes network usage nearly impossible. Is generally done by rogue devices such as IOT or insecure computers [Show Less]