Digital Forensics

HKLM\SAM

%SYSTEMROOT%\SYSTEM32

HKLM\

%SYSTEMROOT%\System32\config\

Software.dat

Installed programs with usernames and passwords

HKEY_CLASSES_ROOT

Keeps track of file-name extension associations and class registrations to connect items with the appropriate application.

Lossless Compression

a data compression algorithm that allows the original data to be perfectly reconstructed from the compressed data.

Lossy Compression

data compression techniques in which some amount of data is lost. This technique attempts to eliminate redundant information.

CSP first responders

Specially trained system and network administrators

HKEY_CURRENT_USER - HKCU

Stores user-specific data related...

HKEY_LOCAL_MACHINE

Contains default settings that can apply to all users on the local computer

bit-stream copy

A bit-by-bit duplicate of data on the original storage medium.

Raw Format

A data acquisition format that creates simple sequential flat files of a suspect drive or data set.

Common type 1 hypervisor

Citrix XenServer

Type 1 hypervisor

A virtual machine interface that loads on physical hardware and contains its own OS.

DomainKeys Identified Mail (DKIM)

A way to verify the names of domains a message is flowing through; it was developed as a way to cut down on spam.

System.dat

Additional computer settings

Pagefile.sys

Can contain message fragments from instant messaging applications

Sparse acquisition

Captures only specific files of interest to the case, but it also collects fragments of unallocated (deleted) data.

computer-generated records

Data generated by a computer, such as system log files or proxy server logs.

computer-stored records

Digital files generated by a person, such as electronic spreadsheets.

Forensics Tools can...

Directly mount VMs as external drives

MAC

Metadata in a prefetch file contains an application's _____________ times in UTC format and a counter of how many times the application has run since the prefetch file was created.

Common type 1 hypervisor

Microsoft Hyper-V

NTUser.dat

Most recently used files, desktop configuration

HKU\SID

NTUSER.DAT %USERPROFILE%\NTUSER.DAT

SAM.dat

User account management and security settings

Common type 1 hypervisor

VMWare vSphere

HKLM\HARDWARE

Volatile hive created at boot that contains hardware information provided by the BIOS

