25 Questions
Get most fleeting information ____________________
first
Create 1:1 copies of evidence (imaging) to preserve the original system in the ____________________
evidence locker
Always work on ____________________ of evidence, never the original
copies
Deleted files may be recovered from ____________________ space
slack
Data can be hidden in other data through a process called ____________________
steganography
Locating hidden or encrypted data is difficult and might even be ____________________
impossible
Event reconstruction requires utilization of system and external information, including ____________________ files
log
A compromised system can be identified by comparing it against a known good ____________________
state
Authorship analysis determines who or what kind of person created a ____________________
file
An investigator may have to appear in court as an expert ____________________
witness
Federated identity management allows users to use different identification credentials for each network they access.
False
Most sophisticated attacks only target vulnerable victims.
False
Next-generation 911 call centers are not vulnerable to cyberattacks because they use traditional landlines.
False
Cyberattacks are no longer a major concern for national and economic security.
False
A telephone denial of service (TDoS) attack uses email spam against a target network.
False
Study Notes
Penetration Testing
- A penetration test (pentest) evaluates the strengths of all security controls on a computer system, including procedural, operational, and technological controls.
- Organizations that need penetration testing include banks, financial institutions, government organizations, online vendors, and any organization processing and storing private information.
- Certifications often require or recommend regular penetration testing to ensure system security.
- Penetration testing can be performed from an external or internal viewpoint, and can be overt or covert.
- The phases of penetration testing include:
- Reconnaissance and Information Gathering: discovering information about a target without making network contact.
- Network Enumeration and Scanning: discovering existing networks and live hosts.
- Vulnerability Testing and Exploitation: checking for known vulnerabilities and assessing their severity.
- Reporting: organizing and documenting information found during the test.
Phases of Penetration Testing
Reconnaissance and Information Gathering
- Purpose: to discover as much information about a target as possible without making network contact.
- Methods:
- Organization info discovery via WHOIS
- Google search
- Website browsing
Network Enumeration and Scanning
- Purpose: to discover existing networks and live hosts.
- Methods:
- Scanning programs (Nmap, AutoScan)
- DNS Querying
- Route analysis (traceroute)
Vulnerability Testing and Exploitation
- Purpose: to check for known vulnerabilities and assess their severity.
- Methods:
- Remote vulnerability scanning (Nessus, OpenVAS)
- Active exploitation testing
- Login checking and brute forcing
- Vulnerability exploitation (Metasploit, Core Impact)
- Post-exploitation techniques to assess severity
Reporting
- Purpose: to organize and document information found during the test.
- Methods:
- Documentation tools (Dradis)
- Organizing information by hosts, services, identified hazards, and risks
How to Become a Penetration Tester
- Stay up to date on recent developments in computer security.
- Become proficient in C/C++ and a scripting language like Perl.
- Consider obtaining vendor certifications such as those from Microsoft, Cisco, and Novell.
- Penetration testing certifications include CEH and GPEN.
Digital Forensics
- Emerging discipline in computer security.
- Investigation that takes place after an incident has happened.
- Goals: to answer questions about who, what, when, where, why, and how.
- Branches of digital forensics:
- Computer Forensics
- Firewall Forensics
- Database Forensics
- Network Forensics
- Mobile Device Forensics
- Forensic Data Analysis
Digital Evidence
- Definition: any data recorded or preserved on a digital device that can be read or understood by a person or computer system.
- Characteristics:
- Admissible
- Authentic
- Fragile
- Accurate
- Examples of digital evidence:
- Digital photographs
- ATM transaction logs
- Word processing documents
- Internet browser history
Types of Digital Evidence
- Persistent Data: data that remains intact when the digital device is turned off.
- Volatile Data: data that is lost when the digital device is turned off.
- Location of Evidence:
- Internet history files
- Temporary internet files
- Newsgroups
- File storage dates
- Personal chatroom records
Investigation Phases
Phase 1: Acquisition
- Purpose: to recover as much evidence as possible without altering the crime scene.
- Methods:
- Documenting as much as possible
- Maintaining Chain of Custody
- Determining if an incident actually happened
- Determining the type of system to be investigated
- Acquiring fleeting (volatile) information first
- Creating 1:1 copies of evidence
- Locking up the original system in the evidence locker
Phase 2: Recovery
- Purpose: to extract data from acquired evidence.
- Methods:
- Working on copies, not originals
- Extracting data, deleted data, and "hidden" data
- Analyzing file systems and metadata
- Recovering deleted files
- Slack space analysis
- Steganography analysis
- Encrypted data analysis
Phase 3: Analysis
- Purpose: to locate contraband material, reconstruct events, determine if a system was compromised, or perform authorship analysis.
- Methods:
- Locating specific files
- Determining if existing files are illegal
- Utilizing system and external information
- Establishing a timeline of events
- Comparing against known good state
Phase 4: Presentation
- Purpose: to present findings in a clear and concise manner.
- Challenges:
- Presenting complex technical information to non-technical audiences
- Ensuring the integrity of the evidence
- Ensuring the accuracy of the analysis
Forensics Tools
- Acquisition:
- dd, pdd
- SafeBack, etc.
- Recovery:
- EnCase
- TCT (The Coroner's Toolkit) and The Sleuth Kit
- Analysis:
DF Investigator Profile
- Understanding of relevant laws
- Knowledge of file systems, OS, and applications
- Knowledge of tools and how to use them
- Ability to explain technical concepts in simple terms
Cybersecurity and Data Power
- Great businesses have been created by collecting and harnessing the power of data and data analytics.
- These businesses have the responsibility to protect this data from misuse and unauthorized access.
- The growth of data has created great opportunities for cybersecurity specialists.
Cybersecurity Domains
- Cyber experts now have the technology to track worldwide weather trends, monitor the oceans, and track the movement and behavior of people, animals, and objects in real-time.
- New technologies, such as Geospatial Information Systems (GIS) and the Internet of Everything (IoE), have emerged.
- These technologies depend on collecting and analyzing tremendous amounts of data.
Cybersecurity Criminals
- Hackers can be categorized into three types:
- White hat attackers: break into networks or computer systems to discover weaknesses and improve security.
- Gray hat attackers: may find a vulnerability and report it to the owners of the system if it coincides with their agenda.
- Black hat attackers: unethical criminals who violate computer and network security for personal gain or malicious reasons.
Cybersecurity Criminals (Cont.)
- Script Kiddies: teenagers or hobbyists with little or no skill, often using existing tools or instructions found on the Internet to launch attacks.
- Vulnerability Brokers: gray hat hackers who attempt to discover exploits and report them to vendors for prizes or rewards.
- Hacktivists: gray hat hackers who rally and protest against different political and social ideas.
- Cyber Criminals: black hat hackers who are either self-employed or working for large cybercrime organizations.
- State Sponsored Hackers: either white hat or black hat hackers who steal government secrets, gather intelligence, and sabotage networks.
Thwarting Cyber Criminals
- Coordinated actions to limit or fend off cyber criminals include:
- Vulnerability Database: National Common Vulnerabilities and Exposures (CVE) database provides a publicly available database of all known vulnerabilities.
- Early Warning Systems: The Honeynet project provides a HoneyMap which displays real-time visualization of attacks.
- Share Cyber Intelligence: InfraGard is an example of sharing cyber intelligence to prevent hostile cyberattacks.
- ISM Standards: The ISO 27000 standards provide a framework for implementing cybersecurity measures within an organization.
Common Threats
- Cybersecurity threats are particularly dangerous to certain industries and the type of information they collect and protect.
- Threatened assets and threat vectors include:
- Personal Information
- Medical Records
- Education Records
- Employment and Financial Records
- Network services like DNS, HTTP, and Online Databases
- Packet sniffing and forgery
- Rogue devices, such as unsecured Wi-Fi access points
Spreading Cybersecurity Threats
- Threats can originate from within an organization or from outside.
- Internal threats can cause greater damage than external threats because internal users have direct access to the building and its infrastructure devices.
- External threats can exploit vulnerabilities in networked devices or use social engineering to gain access.
Spreading Cybersecurity Threats (Cont.)
- Vulnerabilities of Mobile Devices: the inability to centrally manage and update mobile devices poses a growing threat to organizations that allow employee mobile devices on their networks.
- Emergence of Internet-of-Things (IoT): the connection of various devices to the Internet increases the amount of data that needs protection.
- Impact of Big Data: big data poses both challenges and opportunities based on three dimensions: volume, velocity, and variety.
Spreading Cybersecurity Threats (Cont.)
- Threat Complexity:
- Advanced Persistent Threats (APTs): continuous computer hacks that occur under the radar against a specific target.
- Algorithm attacks: track system self-reporting data and use it to select targets or trigger false alerts.
- Intelligent selection of victims: sophisticated attacks only launch if the attacker can match the signatures of the targeted victim.
Threat Complexity (Cont.)
- Broader Scope and Cascade Effect:
- Federated identity management: multiple enterprises that let their users use the same identification credentials to gain access to the networks of all enterprises in the group.
- Safety Implications:
- Emergency call centers in the U.S. are vulnerable to cyberattacks that could shut down 911 networks, jeopardizing public safety.
- Telephone denial of service (TDoS) attacks: use phone calls against a target telephone network, tying up the system and preventing legitimate calls from getting through.
This quiz evaluates your understanding of penetration testing, a crucial aspect of cybersecurity. Penetration testing is a simulated cyber attack against a computer system, network, or web application to assess its security.