Digital Forensics

Questions and Answers

Which element plays a crucial function in criminal justice systems?

• Forensics science
• Digital evidences
• Volatile Evidence
• All of the above (correct)

The term 'cracker' refers to what type of individual?

• Black hat hacker (correct)
• White hat hacker
• Grey hat hacker
• None of the above

Which of the following is a goal of ethical hacking?

• To cause damage to system
• To steal sensitive information
• To identify and fix security vulnerabilities (correct)
• To gain unauthorized access to a system

What should be done prior to beginning the ethical hacking process?

Planning (D)

Which of the following tools is used for security checks related to port scanning and firewall testing?

Netcat (A)

What is a primary characteristic of demonstrative evidence?

It is based on eyewitness accounts. (D)

Which action is considered an unethical norm for an investigator?

Falsifying education or training credentials. (A)

What is the significance of Locard's Exchange Principle in digital forensics?

It dictates the method for securing digital evidence. (D)

What action does 'data lifecycle management' involve?

Automating data transmission to storage. (B)

Which of the following is the most crucial step in handling computer forensics cases?

Maintaining the chain of custody (C)

What is the primary aim of ethical hacking?

Improving system security through vulnerability identification (B)

What does the term allintitle do in Google dorking?

Returns results for pages that meet all of the keyword criteria (C)

What is SQL injection?

A technique to exploit vulnerabilities in a system or network (A)

Why is Microsoft Windows the operating system which is most often targeted by hackers?

Because of its widespread use worldwide. (B)

In what context is banner grabbing most commonly employed?

Information gathering (A)

What is the role of a security professional in managing potential security problems within database management systems?

To asses and manage the potential security problems (C)

What makes main memory the most volatile evidence source?

Data is quickly lost when power is removed. (A)

Which type of attack involves sending hundreds or thousands of emails with very large attachments?

Attachment Overloading Attack (D)

Why has email become a major vulnerability for the users and organizations?

Because it is a universal service so it used by a large number of people worldwide (A)

What is the consequence of excessive retention of sensitive data in database management systems concerning security breaches?

It increases the impact of a security breach (B)

In a buffer-overflow attack, what happens when a program places more data into a buffer than it can hold?

The extra data overflows and corrupts data in adjacent memory locations (C)

When performing digital forensics, which action should always be avoided?

Performing an examination on the original data (B)

Which of the following best describes ethical decision-making in digital forensic work?

Adhering to legal standards and professional norms (C)

You are tasked with responding to a potential security incident. Which phase would you undertake to confirm that an incident has occurred?

Readiness phase (B)

The federal bureau of investigation program is currently referred to as:

Computer Analysis and Response Team (CART) (A)

Flashcards

What is Digital Forensics?

The application of computer science and investigative procedures for a legal purpose involving the analysis of digital evidence.

Digital Forensics entails:

The identification, preservation, recovery, restoration and presentation of digital evidence from systems and devices.

Digital evidence

Information and data of value to an investigation that is stored, transmitted or received by an electronic device.

Evidence verification

Ensuring similarity of provided data to court data.

Locard's Exchange Principle

A principle stating that anyone entering a crime scene takes something and leaves something behind.

Chain of custody

Maintaining documented and secure chain of custody.

Data security

A set of strategies and processes to secure data.

Ethical Hacking

Testing systems to identify security vulnerabilities.

Social engineering

A technique to manipulate people for information

Vulnerability scanning

Finding weaknesses in Ethical Hacking

Black Hat Hacker

Hackers with unlawful intentions.

Ethical hacking's goal

Identifying security vulnerabilities is the main goal.

Ethical hacking

Is the same as pen testing

Written permission

Is what you need, before starting the ethical hacking plan.

Ping sweep purpose

Identify live systems.

Attachment Overloading Attack

Attack by sending many emails with attachments.

purpose of DoS attacks

overload a system so it is no longer operational.

Amount of ARP

A sign of ARP poisoning

ARP spoofing

Often referred to as Man-in-the-Middle attack.

Google Dorking finds:

Technique to find exposed info.

buffer-overflow attack

Sends extra data to overwrite adj.data

DBMS are:

Complex software for managing databases

The security pro and the DBMS

assess and manage potential security problems

DBMS Vulnerabilities

loose access permissions.

Aggregation identifies

Combining citizens data from sources.

Study Notes

Digital Forensics Role

• Digital evidences play a vital role in criminal justice systems

Federal Bureau of Investigation Program

• The Computer Analysis and Response Team (CART) is the current program of the Federal Bureau of Investigation

Digital Forensics Encompasses

• Extraction of computer data
• Preservation of computer data
• Interpretation of computer data
• Manipulation of computer data is not part of digital forensics

Rules of Digital Forensics

• An examination should never be performed on the original data
• The copy of the evidence must be an exact, bit-by-bit copy
• The chain of custody of all evidence must be clearly maintained
• The examination must be conducted in such a way as to prevent any modification of the evidence

Impermissible actions in digital forensics

• Do not perform an examination on the original data

IDIP Definition

• Integrated Digital Investigation Process (IDIP) is a process for digital investigations

Father of Computer Forensics

• Michael Anderson is known as the father of computer forensics

Abstract Digital Forensic Model

• Reith, Carr, Gunsh proposed the Abstract Digital Forensic Model (ADFM)

S.Ciardhuain's Investigation Model

• Extended Model of Cybercrime Investigation (EMCI) is proposed by S.Ciardhuain

Most Comprehensive Forensic Model

• Extended Model of Cybercrime Investigation (EMCI) is the most comprehensive forensic model to date

Key Phases in Digital Forensics

• Collection phase: Records the physical scene and duplicates digital evidence using standardized and accepted procedures
• Deployment phase: Provides a mechanism for an incident to be detected and confirmed
• Reconstruction phase: Includes putting the pieces of a digital puzzle together and developing investigative hypotheses
• Survey phase: Investigator transfers the relevant data from a venue out of physical or administrative control of the investigator to a controlled location
• Review phase: Entails a review of the whole investigation and identifies areas of improvement

Ethical Considerations in Digital Forensics

• Ethical decision-making includes honesty towards the investigation
• Prudence means carefully handling the digital evidences
• Compliance with the law and professional norms are also key

Ethical Norms for Investigators

• General ethical norms include contributing to society and humanity
• Avoiding harm to others
• Being honest and trustworthy

Unethical Norms for Investigators

• Unethical norms include distorting or falsifying education, training, credentials,
• Declaring any confidential matters or knowledge
• Not taking a neutral stance on any evidence

Principles for Digital Forensics Investigation

• Relevant evidence must be upheld
• Confidential matters or knowledge must be declared
• Should be fair and actions that discriminate should not be taken

Expressing Opinions Based on Factual Evidence

• Hypothetical questions are framed

Macro Viruses

• It can open documents, run applications automatically, and spread via email

Components of Computer Forensics

• Chains are one of the three C's in computer forensics

Digital Forensics Definition

• The application of computer science and investigative procedures for a legal purpose involving the analysis of digital evidence after proper search authority, chain of custody, validation with mathematics, use of validated tools, repeatability, reporting, and possible expert presentation

Digital Forensics Tasks

• Identify and solve computer crimes, accessing system directories, recover lost files and present digital evidence from systems and devices

Impartiality and Objectivity

• A digital forensic investigator must maintain absolute objectivity

Responsibilities of an Investigator

• Accurately report the relevant facts of a case
• Maintain strict confidentiality
• It is not an investigator’s job to determine someone’s guilt or innocence

Legal Issues in Computer Forensics

• The most significant legal issue is admissibility of evidence

Properties of Computer Evidence

• Computer evidence needs to be authentic and accurate
• Computer evidence must be complete and convincing
• Duplicated and preserved
• NOT easily read by a person

Impact on Investigations

• Crime can break investigation.

Connecting Attacker, Victim, and Crime Scene

• Digital evidence makes a credible link between them

Rules for Digital Evidence

• Digital evidence must follow best evidence rules

Evidentiary Media

• A true or real copy of the evidence media is original evidence

Evidence Usability

• Admissible evidence must be usable in court

Media Usage in Digital Investigations

• Original media cannot be used to carry out digital investigation processes

Computer Reliability

• By default, every part of the victim's computer is considered as unreliable

Sources of Digital Evidence

• Sources of digital evidence is on the internet, on standalone computers and mobile devices

Locard's Exchange Principle

• States that anyone entering a crime scene takes something and leaves something behind

Crime Scene Evidence

• A criminal will leave evidence and remove a hint from the scene

Evidence Transfer

• Evidence transfer helps establish connections between victims, offenders, and crime scenes

Definition of Digital Evidence

• Digital evidence is information and data of value to an investigation that is stored, transmitted, or received by an electronic device

Electronic Evidence

• Digital evidence can be obtained from electronic sources

Examples of Evidence Types

• Photographs, videos, sound recordings, graphs, and charts provide demonstrative evidence
• Blood, fingerprints, DNA, casts of footprints exemplify substantial evidence
• Testimony is evidence spoken by a spectator under oath

Admissibility

• Evidence must be authenticated to be admissible

Establishing Custody Chain

• Document date, time, and any other information of receipt to establish chain of custody

Digital Evidence Handling

• Personnel safety should be considered while documenting evidence

Validating Data for Court

• The process of ensuring the collected data is similar to the data presented in court is evidence validation

Volatile Evidence Sources

• Registers and cache are the most volatile evidence source

Classification of Non-Volatile Evidence

• Log files are non-volatile evidence

Computer-Related Crimes

• Computers can be involved in homicide, sexual assault, property theft and civil disputes

Ethical Hacking

• Also known as White Hat Hacking

Ethical Hacking Tools

• Ethical hackers use scanners, decoders and proxies

Ethical Hacking Objective

• Vulnerability scanning determines weakness

Preventing Security Breaches

• Ethical hacking will prevent the massive security breaches

Steps for Hackers

1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access

Social Engineering

• It is a technique to manipulate people into giving up sensitive information

Identifying Threat Actors

• Crackers are back hat hackers

Raymond's Dissertation

• Raymond described the fundamentals of a hacker's attitude

Black Hat Hackers

• Performs hacking with unlawful intentions

Ethical Hackers

• Hack systems to discover vulnerabilities
• Protect against unauthorized access, abuse, and misuse

Hacktivists

• Uses hacking to send social, religious, and political messages

Gray Hat Hacker

• Hacks into systems to identify weaknesses
• Reveals the weaknesses of systems without authority

Ethical Hacker's Intent

• To discover vulnerabilities from an attacker's point of view to better secure systems

Basis of Security Audits

• It is based on checklists

Additional Name for Ethical Hacking

• It is also known as penetration testing, intrusion testing, and red teaming

Ultimate Goal for Ethical Hacking

• Focus on identifying and securing existing vulnerabilities by fixing security

Who Finds Weakness

• Hackers can find and exploit a weakness in computer systems

Digital Image of Protected System

• Snapshots is similar to a backup, but is a completed image

Correct User Privileges

• assures that user privileges are applied correctly

Data Subject Rights

• Data subjects can ask data controllers to forget their personal data with right to erasure

Data Processor

• GDPR Data Processor holds or processes personnel data on behalf of another organization

Data Security's Focus

• Data security focuses on privacy, availability, and integrity

Data Lifecycle Management

• Involves automating the transmission of critical data to offline and online storage

Key Goal for Ethical Hackers

• Non-destructive with removing and securing better systems

Safety Feeling

• Firewall creates the false feeling

Ethical Hacker Guideline

• Obey written permission from the owner

Planning for Ethical Hacking

• Always plan before beginning

Tools for Passwords

• The tool LC4 is used to crack password

Depth Analysis for Web Application

• Whisker provides a depth analysis for a web application

Email Encryption Tool

• PGP (pretty good privacy) is used to encrypt Email

Identifying Weaknesses

• Vulnerability scanners are tools to identify weaknesses in systems

Effective IT Act 2000

• It was notified on 17th October 2000

Cyber Offense

• Receiving stolen computer or communication device is section 66B of Cyber security Act 2000

Decrypt Failure

• Offense “Failure /refusal to decrypt data” is section 69

Sending Penalties

• Section 66A penalizes sending "offensive messages"

SNMP Defined

• Simple Network Management Protocol is used for types of hacking

Testing Tools

• NetCat, SuperScan, and NetScan scans for network testing and port scanning

Banner Grabbing

• White Hat Hacking is used for banner grabbing

Large Attachment Results

• Attachment Overloading Attack can be an attack with of emails containing very large attachments

Network Tool for Windows

• Sam Spade is network tool used for Windows for network queries from DNS lookups to trace routes

Ping and Sweeping

• Netcat is great for pings and port scanning

Security Check Tool

• The tool Netcat is great for ports firewall test and security checks

Windows Important Activity

• Cracking password is the most important activity in windows vulnerabilities

Purpose Behind Denial of Service

• Overloads systems to no longer be operational

Reason for Using Ping Sweep

• The main use if for identifying live systems

Port Number Usage

• Telnet protocol uses port 23

Excessive ARP Request Results

• Signify a an ARP poisoning attack

ARP Spoofing Definition

• ARP spoofing is known as Man-in-the-Middle attack

Ad-hoc Network

• Rogue Networks watch out for unauthorized Access Points and wireless clients attached to your network

Internet Connection Takedown

• DOS is an attack, which can take down your internet connection

Nmap Ports

• Open, closed, filtered are the port states determined by Nmap

Trojan, Hacks and Virus

• Network infrastructure Vulnerabilities include the hacks and attacks

Hacking Attacks on Messaging Systems

• Examples: transmitting malware and crashing servers is all a part of accessing workstations

MAC Daddy Attack

• ARP impacts the MAC daddy attack

Compromised WLAN

• Include the the loss of network access, confidential information as all legal liabilities

Google Dork

• “allintitle“ is a google dork that meet the the keyword

Internet Hacker Technique

• Google Dorking is a technique used by hackers to find the information exposed accidentally to the internet

Hacker Corruption Data

• In Heap-based, the hacker corrupts data within the heap, and that code change forces your system to overwrite important data

ARP Spoofing Definition

• The type of man-in-the-middle (MITM) attack where the arp is spoofed

Table Hacking

• Running a program with Dsniff for Cain and Abel can modify ARP tables

Data Overload

• The extra data overflows, corrupts, and overwrites other data in adjacent buffers

Buffer Overload Attack

• Sends extra data to a program's buffer
• Causes programs to be disrupted

Methods Related to Initiate a Buffer Overload Attack

• Stack-based and heap-based take over a program's buffer

Stack Based Attack

• Sends data to the too-small stack buffer
• Inserts malicious code using a "push" or "pop" function

Buffer Overload Attacks

• Corrupt data within the heap
• Forces systems to overwrite important data

Database Management Definitions

• Complex software systems for managing database are database management systems

What Professionals Handle

• Manage the potential security problems

DMBS Weakness

• Loose access permissions can give access to databases

Excess Data

• Increases impact of a security

Assembled Information

• Combine data to give a data warehouse

Attacks Related to SQL

• A technique attack to identify vulnerabilities
• Exploits vulnerabilities within a system or network

Hacking Servers

• Email bombs is an effective way to crash servers to gain unauthorized access

Unsafe Web

• Attacks against insecure Web Application via HTTP

Secure Hacking

• It is a security vulnerability because it protects information

Tracking Defined

• Google Hacking can be defined as tracking

Google Dork Operators

• Has commands to use such as intitle, allintitle

Specific Dorks

• Is helpful when having key criteria to search

InTitle

• Searches for specific text in the HTML title of a page

Google Dorks

• Is more complex and requires training

Security Found in Windows

• There is a major vulnerability in DOS
• In remote execution codes

Reason Widely Hacked for a OS

• Most widely known and hacked in the world

One Positive Hack

• Hacks are pushing hackers to be better and have better security.

Main Email Focus

• Large number of people who use the service for hacking purposes

Hacking Outlook

• Focus on brute force and Phishing to gathering and exploit.