Digital Forensics
Subdecks (1)
Cards (93)
- A virtual machine is a an environment that is isolated from the rest of the system it is running on.It is intangible.
- A sandbox is a virtual environment that allows you to test your application without affecting the production environment.It is used to run suspect code.
- Metadata: Information about a file and the context of the file.
- Metadata examples:
- author
- date created
- date modified
- file size
- Exif data (Exchangeable Image File Format) is metadata about an image file. Includes sets of metadata tags called labels.
- Data verification checks different types of data for accuracy and consistency.
- Hashing takes an input and processes it to produce a unique value of numbers by applying an algorithm.
- Hashing rules:
- No matter how long the input is the length of the output will always be the same. (When using same algorithm).
- Hashed text can't be changed back to normal text.
- the same input will always result in the same hash every time you regenerate it with the same algorithm.
- Different algorithms have different hashes for the same input.
- Watermarks are often used as a basic means of Data verification.
- Logs can hep developers find bugs and improve software performance.Companies use them to decide prices.Internet browsers, printers, and activity trackers use logs.
- Pieces of data in a log is called fields, separated by one or more characters called delimiters (such as commas), This is called CSV format.
- CSV is short for comm separated values.
- Logs store the following data:
- When application has been started up or shut down.
- Installing new software on device.
- Reading and then deleting an email.
- Failed login attempts to a system.
- Pivot tables can be used to group and display data differently to how it looks when loaded. Data can be summed [=SUM()], Averaged [=AVG()], or counted [=COUNTED()].
- Filtering is used with large datasets that focuses on smaller parts of the data.
- Sorting can be used to sort data alphabetically, in chronological order, or numerically.
- Hiding or showing information to focus on particular data is called filtering.
- Searching information is called querying.
- 2021-05-04, 08:42:17, kenobi, 1, 100, tatooine-office-7, always.docx, 10.132.17.21date: 2021-05-04Time: 08:42:17User: kenobiPages: 1Copies: 100Printer: tatooine-office-7Document: always.docxSender IP: 10.132.17.21
- Protocols are a set of rules that allows communication and transfers of data between computers.
- Miscommunication can happen if data is not ordered or structured as the computer expects.
- IP stands for internet protocol.
- HTTP stands for Hypertext transfer protocol.
- SMTP stands for simple mail transfer protocol.
- IMAP stands for internet message access protocol.
- IP and HTTP are for sending data between computers on a network.
- SMTP is for sending emails.
- IMAP is for receiving emails.
- IP addresses are needed in a network to identify which computers are sending messages and which computers are receiving messages.
- IPv4 Addresses are 4 numbers between 0-255, 32 bits long and is the fourth version of IP addresses.
- IPv6 is 128 bits long and is the most recent IP version.
- IMAP logs tell us what people do with the email.
- IMAP events are sent to the mail server and the mail server then sends the event to the client.
- Expunge is to remove something unwanted.
- Datasets are used to store , update, and access huge amounts of data.
- Most common datasets are relational datasets.
- End User License Agreement or EULA is an agreement made between the digital software and the user.Legalities of the use of the product.
- Australian Privacy Principles (APPs) are a set of rules that govern how organizations handle personal information. This includes international companies.
- Threat models outlines a variety of different threats to a network.
- Hiding or showing information to focus on particular data is called:Filtering
- File metadata includes.TypeSizeNameDate Modified