
edx cybersecurity fundamentals unit 8 (44 terms) by GwonnyWong


malware: malicious software, intended to damage or break a computer system or network without user knowledge or approval

virus: injects itself into a program's instructions so the CPU will execute the malicious instructions when they are reached in the original program; needs a host file to infect, and the host must be run for the virus to run; can spread and replicate by itself to other files on the same machine, but human intervention is required to reach other machines, such as forwarding email attachments; carries a malicious payload that is meant to execute

worm: does not infect host files, stands alone in its own file, propagates itself with no human intervention, exploits vulnerabilities in protocols, networks, and configurations, can get into email lists, compose email, and attach itself; does not need to have a malicious payload

computer program: aka software/application, a collection of instructions following algorithms to solve problems or accomplish tasks, executed by the CPU

CPU: central processing unit

DDoS: distributed denial of service, loss of availability

logic bomb: malware that introduces latency to execution; a certain date or time will trigger it; the longer the amount of time before a new malware specimen is detected, the better for the attacker, because it gives the malware time to spread and remain silent so antivirus cannot pick it up

trojan horse: malware with a hidden ability used by an attacker, requires user intervention, does not replicate

RAT: remote administration tool

RAT (malicious): remote access trojan, included with pirated software, cracked games, email attachments

RATs: can perform keystroke logging, packet capture, screen capture, camera capture, file access

rootkit: set of programs and code that allows a persistent undetectable presence on a computer; sanitizes logs and repairs time stamps, hiding the actions of hackers; masks files, processes, and network connections; enables privileged access on the computer; conceals installed malware

backdoor: malware allowing a hacker to bypass normal authentication

spyware: covertly monitors a user's activities and reports personal user data to a third party expecting financial gain, sale of personal data, redirecting of web activity to ad sites, and presentation of targeted ads and popups

adware: automatically plays and displays advertisements, downloads promotional materials

shareware: free software that might require subsequent payment after a trial run

PUP: potentially unwanted program

EULA: end-user license agreement

phishing: sending out bait, mostly through email, to a large number of people, causing some to "bite" by sending their usernames, passwords, or credit card information

spearphishing: phishing that targets specific users

whaling: phishing aimed mainly toward a high-status member of a company, high-profile phishing

pharming: hijacking of a website's IP or domain name and redirecting traffic to a fake website

watering hole: a computer attack strategy in which the victim is part of a particular group

ransomware: locks and encrypts a device until a ransom fee is paid

forensic science: uses scientific and mathematical processes to analyze physical evidence

inculpate: prove someone did something

exculpate: prove someone did not do something

digital forensics: subcategory of forensic science dealing with digital devices

forensic readiness: adds value to the cybersecurity process

cybercrime: any illegal activity involving a computing device, its systems, or its applications

roles of computing devices in forensic investigations: tool used to commit a crime, target of a crime when hacked, repository for evidence of a crime (storage locations)

digital evidence: foundation for identifying, capturing, and prosecuting cybercriminals; information stored or transmitted in binary form that may be relied on in court and is comprised of both data and metadata: contact info, evidence of malicious attacks, GPS location and movement records, transmission records, system use or abuse, account production and use, correspondence records, image and file content

host-based information: volatile data from RAM (power dependent), non-volatile data from hard drive (power agnostic), optical storage, removable disks

network evidence: live traffic, stored communication, server logs

common locations of network data: IDS, IPS, and firewall logs, application logs, server logs, HTTP captures, FTP captures, email

forensics process: evidence is acquired and imaged, evidence is analyzed, a report is generated

forensics investigator: chooses a method to minimize loss, gather pertinent evidence, maintain integrity of originals, create and work from copies, avoid volatile data destruction, avoid missing critical data, avoid altering original data, avoid untrusted command use, avoid system adjustments (patches or updates)

hash functions: positively verify that files or drives have not been altered; verify that files and drives and any copies are intact and have not changed during the investigation

bitstream copy: imaging a hard drive by making a bit-for-bit copy of all sectors

slack space: the location from the end of a file on a hard drive to the end of the file cluster that the file is stored in; can contain deleted files, or fragments of deleted files, and hidden data

items that need to be documented: manufacturer, model, serial # of hard drives and system components; peripherals attached to the system; a description of the evidence; case number; item tag number of evidence; hash algorithms and message digests of digital evidence; date and time of collection; full name and signature of people possessing the evidence; location of the evidence; all receipts and transfers

chain of custody: preservation process covering the items listed above, occurs throughout an entire investigation

anti-forensics: designed to thwart discovery of information related to the illegal activities of a user

steganography: hides files and data inside of other files
