What are Digital Forensics?
Systematic process of investigating and analyzing digital devices and data to uncover evidence for legal purposes
What does the 1st phase of Digital Forensics - Identification do?
Focus on scene safety, prevention of evidence contamination, and scope determination
What does the 2nd phase of Digital Forensics - Collection do?
Refers to the process of gathering, preserving, and documenting physical or digital evidence in various fields
What is the Order of Volatility?
Dictates the sequence in which data sources should be collected and preserved based on their susceptibility to rapid changes during system operation
What is the Order of Volitility?
■ Collect data from the system’s memory
■ Capture data from the system state
■ Collect data from storage devices
■ Capture network traffic and logs
■ Collect remotely stored or archived data
What is a Chain of Custody
Documented and verifiable record that tracks the handling, transfer, and preservation of digital evidence from the moment it is collected until it is presented in a court of law
What is Disk Imaging? (copying storage device)
Involves creating a bit-by-bit or logical copy of a storage device, preserving its entire content, including deleted files and unallocated space
What does File Carving do?
Focuses on extracting files and data fragments from storage media without relying on the file system
What does the 3rd phase of Digital Forensics - Analysis do?
Systematically scrutinizing data to uncover relevant information like, timestamps, user interactions, and signs of criminal activity
What does the 4th phase of Digital Forensics - Reporting do?
Involves documenting the findings, processes, and methodologies used during a digital forensic investigation in a final report
What is a Legal Hold?
Formal notification that instructs employees to preserve potentially relevant electronic data, documents and records
What is an E-Discovery (Electronic Discovery)?
Process of identifying, collecting, and presenting electronically stored information for potential legal proceedings
-
Threat Actor Motivations12
-
Hacktivists7
-
Organized Crime2
-
Unskilled Attackers3
-
Nation-State Actor5
-
Insider Threats3
-
Shadow IT3
-
Threat Vectors and Attack Surfaces11
-
Outsmarting Threat Actors11
-
PHYSICAL SECURITY1
-
Fencing and Bollards4
-
Attacking with Brute Force5
-
Surveillance Systems3
-
Bypassing Surveillance Systems7
-
Access Control Vestibules5
-
Door Locks4
-
Access Badge Cloning7
-
SOCIAL ENGINEERING1
-
Motivational Triggers7
-
Impersonation5
-
Pretexting2
-
Phishing Attacks6
-
Preventing Phishing Attacks7
-
Frauds and Scams5
-
Influence Campaigns3
-
Other Social Engineering Attacks13
-
MALWARE3
-
Viruses11
-
Worms3
-
Trojans3
-
Ransomware3
-
Zombies and Botnets7
-
Rootkits12
-
Backdoors and Logic Bombs4
-
Keylogger3
-
Spyware and Bloatware6
-
Malware Attack Techniques12
-
Indications of Malware Attacks9
-
DATA PROTECTION1
-
Data Classifications14
-
Data Ownership9
-
Data States17
-
Data Types5
-
Data Sovereignty2
-
Securing Data8
-
Data Loss Prevention (DLP)5
-
CRYPTOGRAPHIC SOLUTIONS8
-
Symmetric vs Asymmetric5
-
Symmetric Algorithms10
-
Asymmetric Algorithms4
-
Hashing8
-
Pass the Hash Attack5
-
RISK MANAGEMENT1
-
Risk Assessment Frequency6
-
Risk Identification7
-
Risk Register13
-
Qualitative Risk Analysis1
-
Quantitative Risk Analysis6
-
Risk Management Strategies7
-
Risk Monitoring and Reporting9
-
THIRD-PARTY VENDOR RISKS1
-
Supply Chain Risks5
-
Supply Chain Attacks8
-
Vendor Assessment10
-
Vendor Selection and Monitoring5
-
Contracts and Agreements8
-
GOVERNANCE AND COMPLIANCE2
-
Governance10
-
Governance Structures6
-
Policies7
-
Standards5
-
Procedures5
-
Governance Considerations7
-
Compliance12
-
Non-compliance Consequences5
-
ASSET AND CHANGE MANAGEMENT2
-
Acquisition and Procurement5
-
Mobile Asset Deployments3
-
Asset Management6
-
Asset Disposal and Decommissioning12
-
Change Management5
-
Change Management Processes6
-
Technical Implications of Changes6
-
Documenting Changes2
-
AUDITS AND ASSESSMENTS5
-
Internal Audits and Assessments10
-
Performing an Internal Assessment3
-
External Audits and Assessments5
-
Penetration Testing5
-
Reconnaissance in Pentesting6
-
Attestation of Findings6
-
CYBER RESILIENCE AND REDUNDANCY2
-
High Availability10
-
Data Redundancy9
-
Capacity Planning5
-
Powering Data Centers9
-
Data Backups10
-
Continuity of Operations Plan3
-
Redundant SIte Considerations10
-
Resilience and Recovery Testing8
-
SECURITY ARCHITECTURE3
-
On-Premise Vs the Cloud9
-
Cloud Security11
-
Virtualization and Containerization8
-
Serverless8
-
Microservices9
-
Network Infrastructure3
-
Software-defined Network (SDN)4
-
Infrastructure as Code (IaC)2
-
Centralized vs. Decentralized Architectures2
-
Internet of Things (IoT)2
-
ICS and SCADA4
-
Embedded Systems8
-
SECURITY INFRASTRUCTURE1
-
Ports and Protocols7
-
Firewalls16
-
Configuring Firewalls5
-
IDS and IPS9
-
Network Appliances5
-
Port Security9
-
Securing Network Communications16
-
Infrastructure Considerations9
-
Selecting Infrastructure Controls6
-
IDENTITY AND ACCESS MANAGEMENT (IAM) SOLUTIONS1
-
Identity and Access Management (IAM)9
-
Multi-factor Authentication2
-
Password Security6
-
Password Attacks5
-
Single Sign-On (SSO)4
-
Federation1
-
Privileged Access Management (PAM)4
-
Access Control Models7
-
Assigning Permissions1
-
VULNERABILITIES AND ATTACKS2
-
Hardware Vulnerabilities13
-
Bluetooth Vulnerabilities and Attacks9
-
Mobile Vulnerabilities and Attacks5
-
Zero-day Vulnerabilities3
-
Operating System Vulnerabilities5
-
SQL and XML Injections6
-
XSS and XSRF10
-
Buffer Overflow5
-
Race Conditions8
-
MALICIOUS ACTIVITY1
-
Distributed Denial of Service8
-
Domain Name System (DNS) Attacks6
-
Directory Traversal Attack5
-
Execution and Escalation Attacks10
-
Replay Attacks2
-
Session Hijacking7
-
On-path Attacks9
-
Injection Attacks4
-
Indicators of Compromise (IoC)10
-
HARDENING1
-
Restricting Applications4
-
Trusted Operating Systems5
-
Updates and Patches5
-
Patch Management5
-
Group Policies3
-
SELinux15
-
Data Encryption Levels7
-
Secure Baselines1
-
SECURITY TECHNIQUES1
-
Wireless Infrastructure5
-
Wireless Security Settings10
-
Application Security10
-
Network Access Control (NAC)3
-
Web and DNS Filtering8
-
Email Security8
-
Endpoint Detection and Response3
-
User Behavior Analytics2
-
Selecting Secure Protocols5
-
VULNERABILITY MANAGEMENT1
-
Identifying Vulnerabilities8
-
Threat Intellegence Feeds4
-
Responsible Disclosure Programs2
-
Analyzing Vulnerabilities9
-
Vulnerability Response and Remediation7
-
Validating Vulnerability Remediation1
-
Vulnerability Reporting4
-
ALERTING AND MONITORING3
-
Monitoring Resources3
-
Alerting and Monitoring Activities8
-
Simple Network Management Protocol (SNMP)5
-
Security Information and Event Management (SIEM)3
-
Data from Security Tools4
-
Security Content Automation Protocol (SCAP)8
-
Network and Flow Analysis6
-
Single Pane of Glass5
-
INCIDENT RESPONSE1
-
Incident Response Process10
-
Threat Hunting3
-
Root Cause Analysis6
-
Incident Response Training and Testing5
-
Digital Forensic Procedure12
-
Data Collection Procedures1
-
INVESTIGATING AN INCIDENT0
-
Investigative Data9
-
Dashboards3
-
Automated Reports4
-
Vulnerability Scans2
-
Packet Captures1
-
Metadata2
-
AUTOMATION AND ORCHESTRATION5
-
When to Automate and Orchestrate2
-
Automating Support Tickets3
-
Automating Onboarding3
-
Automating Security3
-
Automating Application Development10
-
Integrations and APIs5
-
Ports6
