Digital data that can be used as evidence in a court of law
Network Forensics
The capture, recording, and analysis of network traffic for the purpose of information gathering, legal evidence, or security
IPsec
Internet Protocol Security
ARP
Address Resolution Protocol
HFS
Hierarchical File System
Factors that affect the recovery time
3 factors
Service the client 192.168.43.229 is obtaining from the 142.251.47.195 server
HTTPS
Attack associated with the protocol in the Wireshark capture
Man-in-the-middle attack
Command in Wireshark to display the three-way handshake
Follow TCP Stream
File system to use for storage of 4K video files
ZFS
Why ZFS is chosen
Resilience to data loss
Optimized for large files
ZFS
Zettabyte File System - a modern file system designed for high-capacity storage
Denial of service attack
An attack that aims to make a machine or network resource unavailable to its intended users
Attack described in the scenario
SYN flood attack
SYN flood attack
1. Attacker forges a TCP SYN packet from a spoofed IP address to the server
2. Server generates a SYN-ACK packet in response, but never receives the final ACK packet
3. This exhausts the server's resources and makes it unable to respond to legitimate requests
Variants of SYN flood attack
UDP flood
ICMP flood
HTTP flood
What the command in Figure 5Q achieves
What the "conv=noerror,sync" option does in the command prompt
Commands to check the number of mountable drives in Linux
lsblk
fdisk -l
WSL
Windows Subsystem for Linux - allows running a Linux distribution directly on Windows
Reasons why Kali Linux is preferred in cybersecurity
Extensive collection of security and penetration testing tools
Designed for ethical hacking and security research
Regularly updated with the latest security tools and exploits
Data recovery
The process of salvaging data from damaged, failed, corrupted, or inaccessible primary storage media when it cannot be accessed in a normal way
Importance of data recovery
Allows cyber-security experts to recover lost data
Causes of data loss from a hard drive
Disk failure
Accidental deletion
Malware infection
Physical damage
Logical errors
Reasons for data loss
Hardware failure
Software corruption
Human error
Natural disasters
Cyber attacks
Data recovery and evidence gathering techniques
Used to provide evidence in courts of law
What happens when data is deleted from a hard drive
1. Data is not immediately erased
2. Marked as available space
3. Can be overwritten by new data
Circumstances where data may be irrecoverable
Severe physical damage to the drive
Extensive logical damage to the file system
Data carving
The process of recovering data from a damaged or corrupted hard drive
Four step process of recovering data
1. Assessment
2. Imaging
3. Analysis
4. Extraction
Factors affecting data recovery time
Hardware type (SSD vs HDD)
Drive capacity
Extent of damage
It takes longer to recover data from an SSD compared to an HDD
Factors responsible for time taken to image a drive
Drive capacity
Interface speed
Condition of the drive
MTF
Mean Time to Failure
MBR
Master Boot Record
Recovery software
Used to recover data that cannot be accessed normally
Encrypted data cannot be recovered
Due diligence
The process of carefully assessing and documenting data recovery and evidence gathering techniques to ensure legal admissibility
ICMP
Internet Control Message Protocol; error-reporting protocol used by network devices to send error messages indicating, for example, that a requested service is not available or that a host or router could not be reached