11 terms

CH 7 Computer Forensics

acquisition
The process of creating a duplicate image of data; one of the five required functions of computer forensics tools.
brute-force attack
The process of trying every combination of characters—letters, numbers, and special characters typically found on a keyboard—to find a matching password or passphrase value for an encrypted file.
Computer Forensics Tool Testing (CFTT)
A project sponsored by the National Institute of Standards and Technology to manage research on computer forensics tools.
discrimination
The process of sorting and searching through investigation data to separate known good data from suspicious data; along with validation, one of the five required functions of computer forensics tools.
extraction
The process of pulling relevant data from an image and recovering or reconstructing data fragments; one of the five required functions of computer forensics tools.
keyword search
A method of finding files or other information by entering relevant characters, words, or phrases in a search tool.
National Software Reference Library (NSRL)
A NIST project with the goal of collecting all known hash values for commercial software and OS files.
password dictionary attack
An attack that uses a collection of words or phrases that might be passwords for an encrypted file. Password recovery programs can use a password dictionary to compare potential passwords to an encrypted file's password or passphrase hash values.
reconstruction
The process of rebuilding data files; one of the five required functions of computer forensics tools.
validation
The process of checking the accuracy of results; along with discrimination, one of the five required functions of computer forensics tools.
write-blocker
A hardware device or software program that prevents a computer from writing data to an evidence drive. Software write-blockers typically alter interrupt 13 write functions to a drive in a PC's BIOS. Hardware write-blockers are usually bridging devices between a drive and the forensic workstation.