Questions and Answers
Get most fleeting information ____________________
first
Create 1:1 copies of evidence (imaging) to preserve the original system in the ____________________
evidence locker
Always work on ____________________ of evidence, never the original
copies
Deleted files may be recovered from ____________________ space
Data can be hidden in other data through a process called ____________________
Locating hidden or encrypted data is difficult and might even be ____________________
Event reconstruction requires utilization of system and external information, including ____________________ files
A compromised system can be identified by comparing it against a known good ____________________
The authorship analysis determines who or what kind of person created a ____________________
An investigator may have to appear in court as an expert ____________________
Federated identity management allows users to use different identification credentials for each network they access.
Most sophisticated attacks only target vulnerable victims.
Next-generation 911 call centers are not vulnerable to cyberattacks because they use traditional landlines.
Cyberattacks are no longer a major concern for national and economic security.
A telephone denial of service (TDoS) attack uses email spam against a target network.
Study Notes
Penetration Testing
- A penetration test (pentest) evaluates the strengths of all security controls on a computer system, including procedural, operational, and technological controls.
- Organizations that need penetration testing include banks, financial institutions, government organizations, online vendors, and any organization processing and storing private information.
- Certifications often require or recommend regular penetration testing to ensure system security.
- Penetration testing can be performed from an external or internal viewpoint, and can be overt or covert.
- The phases of penetration testing include:
- Reconnaissance and Information Gathering: discovering information about a target without making network contact.
- Network Enumeration and Scanning: discovering existing networks and live hosts.
- Vulnerability Testing and Exploitation: checking for known vulnerabilities and assessing their severity.
- Reporting: organizing and documenting information found during the test.
Phases of Penetration Testing
Reconnaissance and Information Gathering
- Purpose: to discover as much information about a target as possible without making network contact.
- Methods:
- Organization info discovery via WHOIS
- Google search
- Website browsing
Network Enumeration and Scanning
- Purpose: to discover existing networks and live hosts.
- Methods:
- Scanning programs (Nmap, autoscan)
- DNS Querying
- Route analysis (traceroute)
Vulnerability Testing and Exploitation
- Purpose: to check for known vulnerabilities and assess their severity.
- Methods:
- Remote vulnerability scanning (Nessus, OpenVAS)
- Active exploitation testing
- Login checking and brute forcing
- Vulnerability exploitation (Metasploit, Core Impact)
- Post-exploitation techniques to assess severity
Reporting
- Purpose: to organize and document information found during the test.
- Methods:
- Documentation tools (Dradis)
- Organizing information by hosts, services, identified hazards, and risks
How to Become a Penetration Tester
- Stay up to date on recent developments in computer security.
- Become proficient in C/C++ and a scripting language like Perl.
- Consider obtaining certifications like Microsoft, Cisco, and Novell.
- Penetration testing certifications include CEH and GPEN.
Digital Forensics
- Emerging discipline in computer security.
- Investigation that takes place after an incident has happened.
- Goals: to answer questions about who, what, when, where, why, and how.
- Branches of digital forensics:
- Computer forensics
- Firewall forensics
- Database forensics
- Network forensics
- Mobile device forensics
- Forensic data analysis
Digital Evidence
- Definition: any data recorded or preserved on a digital device that can be read or understood by a person or computer system.
- Characteristics:
- Admissible
- Authentic
- Fragile
- Accurate
- Examples of digital evidence:
- Digital photographs
- ATM transaction logs
- Word processing documents
- Internet browser history
Types of Digital Evidence
- Persistent data: data that remains intact when the digital device is turned off.
- Volatile data: data that is lost when the digital device is turned off.
- Location of Evidence:
- Internet history file
- Temporary internet file
- Newsgroup
- File storage dates
- Personal chatroom records
Investigation Phases
Phase 1: Acquisition
- Purpose: to recover as much evidence as possible without altering the crime scene.
- Methods:
- Documenting as much as possible
- Maintaining Chain of Custody
- Determining if an incident actually happened
- Determining the type of system to be investigated
- Acquiring fleeting information first
- Creating 1:1 copies of evidence
- Locking up the original system in the evidence locker
Phase 2: Recovery
- Purpose: to extract data from acquired evidence.
- Methods:
- Working on copies, not originals
- Extracting data, deleted data, and "hidden" data
- File systems and metadata
- Recovering deleted files
- Slack space analysis
- Steganography analysis
- Encrypted data analysis
Phase 3: Analysis
- Purpose: to locate contraband material, reconstruct events, determine if a system was compromised, or perform authorship analysis.
- Methods:
- Locating specific files
- Determining if existing files are illegal
- Utilizing system and external information
- Establishing a timeline of events
- Comparing against known good state
Phase 4: Presentation
- Purpose: to present findings in a clear and concise manner.
- Challenges:
- Presenting complex technical information to non-technical audiences
- Ensuring the integrity of the evidence
- Ensuring the accuracy of the analysis
Forensics Tools
- Acquisition:
- dd, pdd
- SafeBack, etc.
- Recovery:
- EnCase
- TCT and Sleuth Kit
- Analysis: ?
- Presentation: ?
DF Investigator Profile
- Understanding of relevant laws
- Knowledge of file systems, OS, and applications
- Knowledge of tools and how to use them
- Ability to explain technical concepts in simple terms
Cybersecurity and Data Power
- Great businesses have been created by collecting and harnessing the power of data and data analytics.
- These businesses have the responsibility to protect this data from misuse and unauthorized access.
- The growth of data has created great opportunities for cybersecurity specialists.
Cybersecurity Domains
- Cyber experts now have the technology to track worldwide weather trends, monitor the oceans, and track the movement and behavior of people, animals, and objects in real-time.
- New technologies, such as Geospatial Information Systems (GIS) and the Internet of Everything (IoE), have emerged.
- These technologies depend on collecting and analyzing tremendous amounts of data.
Cybersecurity Criminals
- Hackers can be categorized into three types:
- White hat attackers: break into networks or computer systems to discover weaknesses and improve security.
- Gray hat attackers: may find a vulnerability and report it to the owners of the system if it coincides with their agenda.
- Black hat attackers: unethical criminals who violate computer and network security for personal gain or malicious reasons.
Cybersecurity Criminals (Cont.)
- Script Kiddies: teenagers or hobbyists with little or no skill, often using existing tools or instructions found on the Internet to launch attacks.
- Vulnerability Brokers: gray hat hackers who attempt to discover exploits and report them to vendors for prizes or rewards.
- Hacktivists: gray hat hackers who rally and protest against different political and social ideas.
- Cyber Criminals: black hat hackers who are either self-employed or working for large cybercrime organizations.
- State Sponsored Hackers: either white hat or black hat hackers who steal government secrets, gather intelligence, and sabotage networks.
Thwarting Cyber Criminals
- Coordinated actions to limit or fend off cyber criminals include:
- Vulnerability Database: National Common Vulnerabilities and Exposures (CVE) database provides a publicly available database of all known vulnerabilities.
- Early Warning Systems: The Honeynet project provides a HoneyMap which displays real-time visualization of attacks.
- Share Cyber Intelligence: InfraGard is an example of sharing cyber intelligence to prevent hostile cyberattacks.
- ISM Standards: The ISO 27000 standards provide a framework for implementing cybersecurity measures within an organization.
Common Threats
- Cybersecurity threats are particularly dangerous to certain industries and the type of information they collect and protect.
- Threats target information and services including:
- Personal Information
- Medical Records
- Education Records
- Employment and Financial Records
- Network services like DNS, HTTP, and Online Databases
- Packet sniffing and forgery
- Rogue devices, such as unsecured Wi-Fi access points
Spreading Cybersecurity Threats
- Threats can originate from within an organization or from outside.
- Internal threats can cause greater damage than external threats because internal users have direct access to the building and its infrastructure devices.
- External threats can exploit vulnerabilities in networked devices or use social engineering to gain access.
Spreading Cybersecurity Threats (Cont.)
- Vulnerabilities of Mobile Devices: the inability to centrally manage and update mobile devices poses a growing threat to organizations that allow employee mobile devices on their networks.
- Emergence of Internet-of-Things (IoT): the connection of various devices to the Internet increases the amount of data that needs protection.
- Impact of Big Data: big data poses both challenges and opportunities based on three dimensions: volume, velocity, and variety.
Spreading Cybersecurity Threats (Cont.)
- Threat Complexity:
- Advanced Persistent Threats (APTs): continuous computer hacks that occur under the radar against a specific object.
- Algorithm attacks: track system self-reporting data and use it to select targets or trigger false alerts.
- Intelligent selection of victims: sophisticated attacks only launch if the attacker can match the signatures of the targeted victim.
Threat Complexity (Cont.)
- Broader Scope and Cascade Effect:
- Federated identity management: multiple enterprises that let their users use the same identification credentials to gain access to the networks of all enterprises in the group.
- Safety Implications:
- Emergency call centers in the U.S. are vulnerable to cyberattacks that could shut down 911 networks, jeopardizing public safety.
- Telephone denial of service (TDoS) attacks: use phone calls against a target telephone network, tying up the system and preventing legitimate calls from getting through.
Description
This quiz evaluates your understanding of penetration testing, a crucial aspect of cybersecurity. Penetration testing is a simulated cyber attack against a computer system, network, or web application to assess its security.