Fundamentals
Tools
Networking
IR Process
IoCs
100

What does the "I" stand for in the CIA Triad?

Integrity

100

This open-source tool is used to scan for vulnerabilities and identify potential weaknesses in software and systems.

Nessus

100

What do the letters in "UDP" stand for?

User Datagram Protocol

100

What's the goal of containment?

Limit damage.

100

What is the extension and magic number of a Windows program file?

EXE and 0x4D 0x5A

200

R.A.T. stands for Remote Access Tool? True or False

True

200

Which tool is most commonly used for capturing and analyzing network traffic?

Wireshark

200

Switches move packets based on what?

MAC Addresses

200

The 2nd phase of the Diamond Model, which provides a structured approach to incident response, is ...

Detect

200

Where is malware "likely" to leave files or data on a Windows system?

Temp folders

300

What type of attack involves tricking specific users into divulging sensitive information?

Spear Phishing

300

What is the name of a popular Windows memory capture tool?

Winpmem

300

SEND is an HTTP request method? True or False

False

300

This containment technique involves disconnecting a system from the network, blocking IP addresses or ports, and restricting access to prevent further damage.

Network Segmentation

300

Which Windows service is commonly used by malware to maintain persistence on a compromised system?

Svchost.exe

400

A type of malware that secretly records and transmits sensitive information, often without the user's knowledge.

A keylogger

400

What functionality does the "-A" switch provide in Nmap?

Performs OS and version detection

400

What HTTP response code signifies that a resource has been permanently relocated?

301

400

The third F in the F3EAD model is ...?

Finish

400

What type of key in the Windows registry is VERY commonly used to allow malware to remain persistent on a system?

RUN Keys.

Ex: HKCU\Software\Microsoft\Windows\CurrentVersion\Run

500

This type of attack tricks victims into revealing sensitive information by posing as a trustworthy source...

Social Engineering

500

Which tool is "typically" used for analyzing a malware file without executing it?

A disassembler

500

What is the primary purpose of honeysensors in cybersecurity?

Attract, detect and monitor malicious activity.

500

This step in the incident response process involves documenting what happened, why it happened, and how to prevent similar incidents from occurring in the future.

Lesson Learned

500

This type of malware uses existing system tools and services to carry out malicious actions, leaving no trace of a traditional executable file behind.

File-less Malware