Evidence/Investigation
Disaster Recovery Methods
RAID, SAN, & NAS
Backup Types
Asset Management
100

Name the first two steps in the Evidence Lifecycle

1. Discovery

2. Protection

3. Recording

100

A real-time mirror of your system and network activity running in sync. Allows for minimum disruption and downtime.

Hot Site

100

What is RAID?

Redundant Array of Independent / Inexpensive Disks

100

All files are backed up; the archive bit and modify bit will be deleted

Full

100

1. Detect • 2. Respond • 3. Report • 4. Recover • 5. Remediate • 6. Review

Incident Response steps

200

Collect facts to determine matters of the incident.

Interviewing

200

An alternative workspace with power and HVAC set up, but no hardware. All recovery efforts will be technician-heavy.

Cold Site

200

Writing the same data across multiple hard disks; slower, as data is written twice, and doubles the storage requirement

Disk Mirroring

200

Backs up files changed after the last full backup; archive bit deleted

Incremental

200

• Data Purging: degaussing; archived data is not usable for forensics

• Data Clearing: cannot be recovered using the keyboard

• Remanence: data left on media after deletion

Sanitizing and Disposing of Data

300

Reasonable facts, with proof of crimes, acts and methods used; event documentation

Relevant

300

A middle-ground solution which includes skeletal hardware, software and connectivity to restore critical functionality.

Warm Site

300

Writes data across multiple disks simultaneously, providing higher write speed.

Disk Striping

300

Only modified files are backed up; does not delete the archive bit. Needs the last full backup and the last incremental backup for a full restore.

Differential

300

The management of change and development within a business or similar organization.

Change Management

400

Obtain a confession by an evidence retrieval method.

• The Process: prepare questions and topics, summarize information

Interrogation

400

Who does an organization contract with to provide backup services?

Service Bureau

400

Typically uses Fibre Channel and iSCSI. High-speed, block-level storage.

Storage Area Network (SAN)

400

Adding servers for increased fault tolerance.

Redundant servers

400

Any non-redundant part of a system that, if dysfunctional, would cause the entire system to fail.

Single Point of Failure (SPOF)

500

What are the four characteristics of evidence?

Sufficient, Reliable, Relevant, Permissible

500

What is RTO?

Recovery Time Objective

500

Typically an NFS server: a file-level computer data storage server connected to a computer network.

Network-Attached Storage (NAS)

500

A set of servers that process traffic simultaneously

Server clustering

500

Management of investments on behalf of others

Access Management