Digital Forensics
Incident Response
Windows OS
Linux OS
General Cybersecurity
100

These files, with a .pf extension and stored in a folder of the same name under C:\Windows, are evidence that a program was executed.

What is Prefetch?

100

This SIEM, unpopular with many IR analysts for its frequent outages, began as an independent product that RSA acquired in 2011 and now sells under its own name.

What is NetWitness?

100

This is the location of the Windows Event Log files (.evtx) on Windows Vista and later.

What is C:\Windows\System32\winevt\Logs\?

100

This Linux directory, located off the root (/) directory, contains frequently changing data such as log files (in its log subdirectory) and spool queues for system services like email and printing.

What is /var?

100

This is the minimum size of an IPv4 header with no options; the IHL field, counted in 32-bit words, can extend it to 60 bytes.

What is 20 bytes (160 bits)?
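As an added example (not part of the quiz page), the following Python builds an IPv4 header and parses one back, sizing it from the IHL field rather than assuming 20 bytes, and verifies the RFC 1071 header checksum. The addresses, payload length and Router Alert option bytes are constructed sample values.

```python
import socket
import struct

# Added example: the option-less IPv4 header is 20 bytes; IHL (4 bits, in
# 32-bit words) gives the real length, from 5 words (20 bytes) to 15 (60 bytes).
IPV4_BASE = struct.Struct("!BBHHHBBH4s4s")   # exactly the 20 fixed bytes
MIN_HEADER = 20
MAX_HEADER = 60


def ipv4_checksum(data):
    """RFC 1071 ones-complement sum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                         # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, payload_len, proto=6, options=b"", ttl=64, ident=0x1234):
    """Pack a header; options are padded to a 32-bit boundary as the RFC requires."""
    options += b"\x00" * (-len(options) % 4)
    ihl = 5 + len(options) // 4
    if ihl > 15:
        raise ValueError("options too long: IHL cannot exceed 15 words")
    total_len = ihl * 4 + payload_len
    hdr = IPV4_BASE.pack((4 << 4) | ihl, 0, total_len, ident, 0x4000, ttl, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst)) + options
    csum = ipv4_checksum(hdr)                  # computed with the checksum field zeroed
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:]


def parse_ipv4_header(packet):
    """Parse the header at the start of `packet`; raise ValueError on malformed input."""
    if len(packet) < MIN_HEADER:
        raise ValueError("truncated: an IPv4 header is at least 20 bytes")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4:
        raise ValueError("not IPv4")
    header_len = ihl * 4
    if header_len < MIN_HEADER:
        raise ValueError("bad IHL %d: header cannot be shorter than 20 bytes" % ihl)
    if len(packet) < header_len:
        raise ValueError("truncated: IHL claims %d bytes" % header_len)
    (_, _tos, total_len, _ident, flags_frag, ttl, proto, _csum,
     src, dst) = IPV4_BASE.unpack(packet[:MIN_HEADER])
    return {
        "header_len": header_len,
        "options": packet[MIN_HEADER:header_len],
        "total_len": total_len,
        "ttl": ttl,
        "protocol": proto,
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "dont_fragment": bool(flags_frag & 0x4000),
        # a valid header sums to 0xFFFF once the stored checksum is included,
        # so the complemented sum over the whole header is zero
        "checksum_ok": ipv4_checksum(packet[:header_len]) == 0,
    }


def safe_parse(packet):
    """Same as parse_ipv4_header but returns None instead of raising."""
    try:
        return parse_ipv4_header(packet)
    except ValueError:
        return None


if __name__ == "__main__":
    # constructed sample: TCP over IPv4 with an 8-byte payload and a Router Alert option
    plain = build_ipv4_header("192.0.2.1", "198.51.100.7", 8)
    alert = build_ipv4_header("192.0.2.1", "198.51.100.7", 8, options=b"\x94\x04\x00\x00")
    print(parse_ipv4_header(plain)["header_len"], parse_ipv4_header(alert)["header_len"])
```

A parser that hard-codes 20 bytes silently misreads the transport header of any packet carrying options; sizing from IHL and rejecting IHL below 5 is the check to keep.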

200

This registry key, writable by the logged-on user, is a common persistence location for an attacker who does not have admin privileges.

What is HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run?

200

These are the six phases of incident response, in order.

What are preparation, identification, containment, eradication, recovery, and lessons learned?

200

This is the location of the user profile on a Windows 2003 Server or Windows XP system.

What is C:\Documents and Settings\?

200

After the command below is run on a file, who can execute it?

chmod 676 filename1

What are members of the file's group? (676 sets rw- for the owner, rwx for the group, and rw- for everyone else.)
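As an added example (not part of the quiz page), this Python decodes a numeric mode such as the 676 in the clue into per-class rwx bits, reports which classes may execute, and applies the kernel's rule that exactly one class is used: owner if the uid matches, otherwise group if a gid matches, otherwise other. It also handles the setuid, setgid and sticky bits so it generalises to four-digit modes. The mode strings are constructed sample input.

```python
import stat

# Added example: decode chmod's octal mode and answer "who can execute?".
CLASSES = ("owner", "group", "other")


def decode_mode(mode_str):
    """'676' -> ({'owner': 'rw-', 'group': 'rwx', 'other': 'rw-'}, special-bit flags)."""
    mode = int(mode_str, 8)
    perms = {}
    for i, cls in enumerate(CLASSES):
        bits = (mode >> (3 * (2 - i))) & 0o7           # owner is the high triplet
        perms[cls] = (("r" if bits & 4 else "-")
                      + ("w" if bits & 2 else "-")
                      + ("x" if bits & 1 else "-"))
    special = {
        "setuid": bool(mode & stat.S_ISUID),
        "setgid": bool(mode & stat.S_ISGID),
        "sticky": bool(mode & stat.S_ISVTX),
    }
    return perms, special


def symbolic(mode_str):
    """ls -l style string, e.g. '4755' -> 'rwsr-xr-x', '1777' -> 'rwxrwxrwt'."""
    perms, special = decode_mode(mode_str)
    s = list(perms["owner"] + perms["group"] + perms["other"])
    for pos, flag, lower, upper in ((2, "setuid", "s", "S"),
                                    (5, "setgid", "s", "S"),
                                    (8, "sticky", "t", "T")):
        if special[flag]:
            s[pos] = lower if s[pos] == "x" else upper   # capital = bit set, no x
    return "".join(s)


def classes_that_can_execute(mode_str):
    perms, _ = decode_mode(mode_str)
    return [cls for cls in CLASSES if perms[cls][2] == "x"]


def may_execute(mode_str, is_owner, in_group):
    """The kernel checks one class only: owner, else group, else other.
    An owner who is also in the group still gets only the owner bits, so with
    676 the owner cannot execute even though group members can."""
    perms, _ = decode_mode(mode_str)
    cls = "owner" if is_owner else "group" if in_group else "other"
    return perms[cls][2] == "x"


if __name__ == "__main__":
    print(symbolic("676"), classes_that_can_execute("676"))  # rw-rwxrw- ['group']
```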

200

This transport protocol and port are used to carry a DNS zone transfer (AXFR).

What is TCP 53?

300

This SQLite file holds the browsing history (and bookmarks) for the Firefox web browser.

What is places.sqlite?

300

This free, open-source attack framework is written in Ruby and offers both staged and stageless payloads.

What is Metasploit?

300

The security identifier, or SID, of this built-in account ends in the relative identifier (RID) 501.

What is the guest account?

300

This file, readable only by root, stores the hashed (not encrypted) user passwords on a Linux system.

What is /etc/shadow?

300

These are the key focus areas of information security, often referred to as the CIA triad.

What are confidentiality, integrity, and availability?

400

This metadata embedded in image (and some audio) files includes the camera make/model, GPS location, and date/time.

What is Exif data?

400

This Python-based memory forensics framework runs on Windows, macOS, and Linux and lets analysts examine memory images with plugins such as pstree, dlllist, and hashdump.

What is Volatility?

400

This Windows 10 feature runs Linux binaries on Windows; its second version (WSL 2) ships a real Linux kernel built by Microsoft, whereas the first version only translated Linux system calls.

What is Windows Subsystem for Linux?

400

This host-based firewall tool, the classic userspace front end to the Linux kernel's netfilter framework, ships with most Linux distributions (its successor is nftables).

What is iptables?

400

The CIS Critical Security Controls change from version to version, but the top two controls have stayed the same for several years. What do they cover?

What are the inventory and control of hardware (enterprise) assets and of software assets?

500

This is the location of the core registry hive files (SAM, SECURITY, SOFTWARE, SYSTEM) on a Windows system; the per-user NTUSER.DAT hive lives in the user's profile instead.

What is C:\Windows\System32\Config\?

500

This is the final column (tactic) of the MITRE ATT&CK Enterprise matrix; it contains techniques such as Data Destruction, Account Access Removal, and Resource Hijacking.

What is Impact?

500

This Windows feature uses virtualization-based security to isolate credentials and other secrets in memory from tools like Mimikatz that read them out of LSASS.

What is Credential Guard?

500

This binary Linux log file in /var/log, read with lastb, records only failed login attempts.

What is btmp?

500

Under the GDPR, a personal data breach must be reported to the supervisory authority within this time frame after the organization becomes aware of it.

What is 72 hours?