Shared Flashcard Set

Details

I - SES-602 - Module 9 - Cyberforensics
N/A
30
Computer Networking
Graduate
11/28/2011

Additional Computer Networking Flashcards

 


 

Cards

Term
Corroboration
Definition
Evidence that tends to support a proposition that is already supported by some evidence, therefore confirming the proposition. For example, W, a witness, testifies that she saw X drive his automobile into a green car. Meanwhile Y, another witness, testifies that when he examined X's car, later that day, he noticed green paint on its fender.
Term
The Hacker Crackdown
Definition
A book that discusses watershed events in the hacker subculture in the early 1990s. The most notable topic covered is Operation Sundevil and the events surrounding the 1987-1990 war on the Legion of Doom network: the raid on Steve Jackson Games, the trial of "Knight Lightning" (one of the original journalists of Phrack), and the subsequent formation of the Electronic Frontier Foundation.
Term
Joyrider
Definition
Bored people looking for amusement. They break in because they think you might have interesting data, or because it would be amusing to use your computers, or because they have nothing better to do. They might be out to learn about the kind of computer you have or about the data you have. They're curious, but not actively malicious; however, they often damage the system through ignorance or in trying to cover their tracks.
Term
Kevin Mitnick
Definition
A computer security consultant, author, and hacker. In the late 20th century, he was convicted of various computer- and communications-related crimes. At the time of his arrest, he was the most-wanted computer criminal in the United States.[
Term
Business Intelligence
Definition
 Computer-based techniques used in identifying, extracting, and analyzing business data, such as sales revenue by products and/or departments, or by associated costs and incomes.  Additionally, it aims to provide historical, current and predictive views of business operations in order to support to support better business decision-making.
Term
Threat Derivation
Definition
The process of determining the threat environment. This can be done by creating a tree of different threat possibilities until leaf nodes are reached in all cases (to the best of ones knowledge).
Term
Software Worm
Definition

A self-replicating malware computer program, which uses a computer network to send copies of itself to other nodes (computers on the network) and it may do so without any user intervention. This is due to security shortcomings on the target computer. Unlike a computer virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

 

Note: Usually have the following modes of operation: (1) Scan for target, (2) self-install on target, and (3) execute on target, which may involve scaninng for more targets.

Term
SQL Injection
Definition
An often used way to attack the security of an website by inputing SQL statements into a web form to get a badly designed website to dump the database content to the attacker. It's a code injection technique that exploits a security vulnerability in a websites software. The vulnerability happens when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed.
Term
Bot
Definition
Software applications that run automated tasks over the Internet. Typically, they perform tasks that are both simple and structurally repetitive, at a much higher rate than would be possible for a human alone. Their largest use is in web spidering, in which an automated script fetches, analyzes, and files information from web servers at many times the speed of a human.
Term
Botnet
Definition
A collection of compromised computers connected to the Internet. Often used to collect personal data suchs as passwards or credit card numbers. Additionally, because of the large number of bots in some botnets, they can be used to send spam email and perform denial of service attacks.
Term
Network Address Translation (NAT)
Definition
The process of modifying IP address information in IP packet headers while in transit across a traffic routing device. It is often used to hide an entire IP address space, usually consisting of private IP addresses, behind a single IP address (or in some cases a small group of IP addresses) in another (usually public) address space.
Term
The Waledac Botnet
Definition
A botnet that was capable of sending about 1.5 billion spam messages a day, or about 1% of the total global spam volume, before it was taken down by Microsoft.
Term
Stuxnet
Definition

A computer worm discovered in June 2010. It targets Siemens industrial software and equipment running Microsoft Windows. While it is not the first time that hackers have targeted industrial systems, it is the first discovered malware that spies on and subverts industrial systems, and the first to include a programmable logic controller (PLC) rootkit.

 

Most notable, different variants of Stuxnet targeted five Iranian organizations, with the probable target widely suspected to be uranium enrichment infrastructure in Iran.

Term
CyberForensics (systemigram)
Definition
CyberForensics facilitates investigation that produces evidence to strenthen cases.
Term
Investiagation Process
Definition

• Identify evidence, immediately, e.g. firewall logs, centralized syslogs, router logs, IDS/IPS logs, sniffer data, application logs and any other data that could help in the investigation.
• Implement, immediately, a plan for the preservation of logs so that historical evidence is not deleted due to planned or routine log maintenance activity.
• Identify, immediately, the available data storage to handle copies of all the evidence.
• Implement proper controls to show integrity and chain of custody over evidence, while observing proper confidentiality.
• Focus on potential scope and complexity.

Term
Containment
Definition
Identifying, containing and remediating (correcting) the problem rather than obtaining useful evidence from a legal perspective
Term
Insider Threats
Definition

• Unintentional (People bugs)

– Internet-connected company computer is compromised:

– Clicked on malicious link within an email or a trojanized email
attachment

– Socially engineered

• Intentional

– User/employee/contractor exploits authorized access to steal data or
disrupt

– IT services

– Self-motivated

– Recruited by foreign intelligence service, terrorist organization, criminal enterprise, or competitor.

Term
Application Forensics
Definition

• Audit tools and techniques

– Sampling

– Transaction tracing

• Interview suspects

• Incorporate external data sources

Term
Malware: Propagation (def)
Definition

How does malware spread across systems?

Term
Malware: Infection (def)
Definition
How does malware embed itself in the system?
Specimens also differ in the degree to which they resist
disinfection attempts.
Term
Malware: Self-Defense (def)
Definition
How does malware conceal its presence and
resist analysis? Such techniques are sometimes referred to as “anti-reversing capabilities”
Term
Malware: Capabilities (def)
Definition
From the point of view of the malware
author, what “business purpose” does malware serve?
Term
Exfiltration
Definition
An unauthorized release of data from within a computer system, e.g., credit card, password, or other ID theft.
Term
Distributed Denial of Service (DDOS)
Definition
Occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. These systems are compromised by attackers using a variety of methods.
Term
Network Forensics
Definition
A sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection.
Term
Non-volitile Data
Definition

• Obvious – file storage, removable media
• Not so obvious - Anti-forensics - tools and techniques
that focus on limiting the identification, collection,
collation and validation of electronic data. Includes but is
not limited to:

– Nonstandard disk utilization

• Slack space

• “Bad” clusters

• Additional clusters

– Steganography

– Watermarks and fingerprints

Term
Volitile Data
Definition

• The temporary state of the device, data that will be
eliminated once the machine is shut down, can include,
but is not limited to:

– System Date and Time
– Current Network Connections
– Open Ports
– Logged on Users
– Running services and processes
– Scheduled jobs
– Open files
– Swap files

Term
Steganography
Definition
The practice of hiding private or sensitive information
within something that appears to be nothing out of the
usual, e.g., microdot.
Term
Steganalysis
Definition
The art and science of detecting messages hidden using steganography.
Term
Watermarking
Definition

The process of embedding information into a digital signal which may be used to verify its authenticity or the identity of its owners. May be visible or invisible. 

 

Additionally, it may intended for widespread use and thus, is made easy to retrieve or, it may be a form of steganography, where a party communicates a secret message embedded in the digital signal. In either case, the objective is to attach ownership or other descriptive information to the signal in a way that is difficult to remove.

Supporting users have an ad free experience!