Course 1 (Foundations of Cybersecurity), Module 4 (Tools & Programming Languages)
Log
A record of events that occur within an organization’s systems.
Security Information and Event Management
Aka SIEM. An application that collects and analyzes log data to monitor critical activities in an organization.
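The following is an added example, not code from the course or from any SIEM vendor: it does in miniature what a SIEM does with log data, parsing a handful of constructed sshd-style lines (sample data, not real records) into fields and then running a detection over them. The hypothetical rule flags any source address with three or more failed logins, and raises the severity when a success follows the failures, which is the pattern an analyst would search for in Splunk or Chronicle. Field names, the threshold and the regular expression are assumptions for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample log lines in sshd syslog format (not real data); a SIEM
# would ingest lines like these from many hosts and normalise them for search.
SAMPLE_LOG = """\
Mar 12 09:14:02 web01 sshd[2214]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2
Mar 12 09:14:05 web01 sshd[2214]: Failed password for invalid user admin from 203.0.113.45 port 51023 ssh2
Mar 12 09:14:09 web01 sshd[2216]: Failed password for root from 203.0.113.45 port 51024 ssh2
Mar 12 09:14:11 web01 sshd[2218]: Accepted publickey for deploy from 198.51.100.7 port 40110 ssh2
Mar 12 09:14:15 web01 sshd[2220]: Failed password for root from 203.0.113.45 port 51025 ssh2
Mar 12 09:14:20 web01 sshd[2222]: Failed password for alice from 198.51.100.7 port 40111 ssh2
Mar 12 09:14:22 web01 sshd[2224]: Failed password for root from 203.0.113.45 port 51026 ssh2
Mar 12 09:14:30 web01 sshd[2226]: Accepted password for root from 203.0.113.45 port 51027 ssh2
"""

# Assumed line layout: "<month> <day> <hh:mm:ss> <host> sshd[<pid>]: <Failed|Accepted> <method> for [invalid user] <user> from <ip> port <n>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssshd\[\d+\]:\s"
    r"(?P<result>Failed|Accepted)\s(?P<method>password|publickey)\sfor\s(?:invalid user\s)?"
    r"(?P<user>\S+)\sfrom\s(?P<ip>[\d.]+)\sport\s\d+"
)


def parse_line(line):
    """Normalise one raw log line into a dict of fields, or None if it is not an auth event."""
    match = LINE_RE.match(line)
    return match.groupdict() if match else None


def parse_log(text):
    """Parse every recognisable line from a block of log text, skipping the rest."""
    return [event for event in (parse_line(line) for line in text.splitlines()) if event]


def detect_brute_force(events, threshold=3):
    """Hypothetical detection rule: a source with >= threshold failures is suspicious;
    a successful login from that source after the failures is treated as high severity."""
    failures = defaultdict(int)
    success_after = {}          # ip -> user that logged in after repeated failures
    for event in events:        # events are processed in log order
        ip = event["ip"]
        if event["result"] == "Failed":
            failures[ip] += 1
        elif failures[ip] >= threshold:
            success_after[ip] = event["user"]
    alerts = []
    for ip, count in sorted(failures.items()):
        if count >= threshold:
            alerts.append({
                "ip": ip,
                "failures": count,
                "success_after_failures": success_after.get(ip),
                "severity": "high" if ip in success_after else "medium",
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(parse_log(SAMPLE_LOG)):
        print(alert)
```

Two things to notice: the parser drops lines it does not understand rather than guessing at them, and the rule tracks order, so the same eight lines shuffled would produce a different severity. Both matter when writing real SIEM searches.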
Splunk and Chronicle
Commonly used SIEM tools.
Splunk
A data analysis platform.
Splunk Enterprise
Provides SIEM solutions. It is a self-hosted tool used to retain, analyze, and search an organization’s log data.
Google Chronicle
A cloud-native SIEM tool that stores security data for search and analysis.
Cloud-native
Describes a tool that is hosted and maintained entirely in the cloud rather than installed on an organization’s own servers; this model allows for fast delivery of new features.
Playbook
A manual that provides details about an operational action.
Network Protocol Analyzer
Aka packet sniffer. A tool designed to capture and analyze data traffic within a network.
Forensic Case Playbooks
The two forensic playbooks covered here: the chain of custody playbook and the protecting and preserving evidence playbook.
Chain of Custody Playbook
The process of documenting evidence possession and control throughout the incident lifecycle. As a security analyst involved in a forensic analysis, you will work with the systems and data involved in the breach. You and the forensic team must also document who collected each piece of evidence, what it is, where it is stored, and why it was collected. Evidence is your responsibility while it is in your possession; it must be kept safe and tracked. Every time evidence changes hands or location, the transfer is recorded (date, time, who released it, and who received it), so that all parties involved know exactly where the evidence is at all times and can show that it was not altered along the way.
Protecting and Preserving Evidence Playbook
The process of properly handling fragile and volatile digital evidence. As a security analyst, you need to understand what fragile and volatile digital evidence is and why a procedure exists for handling it. As you follow this playbook, you will consult the order of volatility. Improper handling of digital evidence during an investigation can alter or destroy it, and evidence that has been improperly handled can no longer be relied on. For this reason, the first priority in any investigation is to preserve the data: make forensic copies, verify that each copy matches the original (for example, by comparing cryptographic hashes), and conduct the investigation on the copies, never on the original.
Order of Volatility
A sequence outlining the order in which data must be preserved, from first to last. It prioritizes volatile data, which is data that may be lost if the device in question powers off, regardless of the reason. A typical order, from most to least volatile (as described in RFC 3227): CPU registers and caches; memory, including running processes, routing and ARP tables, and open network connections; temporary file systems and swap; data on disk; remote logging and monitoring data; physical configuration and network topology; archival media.
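The chain of custody and protecting and preserving evidence playbooks above both turn on the same two mechanics: never touch the original, and be able to prove at every hand-off that nothing changed. The following is an added example, not code from the course or from any forensic toolkit, that shows those mechanics in Python: it hashes an evidence file with SHA-256, makes a working copy and verifies it, writes chain-of-custody entries for each transfer (re-hashing at the moment of transfer), and then simulates careless handling of the copy to show how the custody log exposes it. The evidence content, analyst names, file names and record fields are all constructed for the illustration.

```python
import hashlib
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so disk images larger than memory can be handled."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def acquire_working_copy(original, working_copy, analyst):
    """Copy the evidence, hash original and copy, and return the first custody record."""
    original_hash = sha256_file(original)
    shutil.copy2(original, working_copy)       # copy2 keeps timestamps as well as content
    copy_hash = sha256_file(working_copy)
    return {
        "timestamp_utc": datetime.now(timezone.utc).isoformat(),
        "action": "acquired working copy",
        "analyst": analyst,
        "original": str(original),
        "working_copy": str(working_copy),
        "sha256": original_hash,
        "verified": original_hash == copy_hash,  # analysis proceeds only if this is True
    }


def record_transfer(custody_log, evidence_path, released_by, received_by, expected_sha256):
    """Log a hand-off. The hash is recomputed at transfer time so any drift is caught then,
    and the entry names who released and who received the item."""
    entry = {
        "timestamp_utc": datetime.now(timezone.utc).isoformat(),
        "action": "transfer",
        "item": str(evidence_path),
        "released_by": released_by,
        "received_by": received_by,
        "sha256_expected": expected_sha256,
        "integrity_ok": sha256_file(evidence_path) == expected_sha256,
    }
    custody_log.append(entry)
    return entry


def run_demo():
    """Walk through acquisition, one clean hand-off, and one hand-off after tampering."""
    with tempfile.TemporaryDirectory() as tmp:
        original = Path(tmp) / "evidence_disk.img"
        # Constructed stand-in for a disk image; not a real acquisition.
        original.write_bytes(b"constructed sample evidence, not a real disk image\n" * 1000)
        working_copy = Path(tmp) / "evidence_disk_working.img"

        custody_log = [acquire_working_copy(original, working_copy, analyst="A. Analyst")]
        expected = custody_log[0]["sha256"]
        handoff = record_transfer(custody_log, working_copy, "A. Analyst", "B. Examiner", expected)

        # Improper handling: the working copy is modified during analysis.
        with open(working_copy, "ab") as handle:
            handle.write(b"\x00")
        returned = record_transfer(custody_log, working_copy, "B. Examiner", "A. Analyst", expected)

        return {
            "acquired_ok": custody_log[0]["verified"],
            "handoff_ok": handoff["integrity_ok"],
            "after_tamper_ok": returned["integrity_ok"],
            "original_intact": sha256_file(original) == expected,
            "entries": len(custody_log),
        }


if __name__ == "__main__":
    print(run_demo())
```

Because the original was never opened for writing, its hash still matches at the end; the custody log pinpoints the hand-off during which the working copy changed, which is exactly the question a court or an incident review will ask.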
Programming
Used to create a specific set of instructions for a computer to execute tasks.
Linux
An open-source operating system.
Structured Query Language
Aka SQL. A programming language used to create, interact with, and request information from a database.
Database
An organized collection of information or data.
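An added example, not the course’s own material, that puts the two definitions above to work: it builds an in-memory SQLite database from a constructed table of login attempts (sample rows, not real records) and runs the kinds of filters the course’s SQL project asks for, combining conditions with AND, selecting sets of values with IN and NOT IN, and comparing times as strings. The last two functions show the one rule a security analyst must never skip when a filter value comes from outside: pass it as a bound parameter, not spliced into the SQL text. Table and column names are assumptions for this illustration.

```python
import sqlite3

# Constructed sample login attempts (username, date, time, country, success); not real data.
SAMPLE_ATTEMPTS = [
    ("alice", "2024-03-12", "08:55:10", "US", 1),
    ("bob",   "2024-03-12", "23:12:44", "CA", 0),
    ("alice", "2024-03-13", "02:03:09", "RU", 0),
    ("carol", "2024-03-13", "09:40:00", "US", 1),
    ("bob",   "2024-03-13", "19:15:30", "MX", 0),
    ("dave",  "2024-03-14", "17:59:59", "US", 0),
]


def build_db():
    """Create an in-memory database with an assumed log_in_attempts table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE log_in_attempts ("
        "event_id INTEGER PRIMARY KEY, username TEXT, login_date TEXT, "
        "login_time TEXT, country TEXT, success INTEGER)"
    )
    conn.executemany(
        "INSERT INTO log_in_attempts (username, login_date, login_time, country, success) "
        "VALUES (?, ?, ?, ?, ?)",
        SAMPLE_ATTEMPTS,
    )
    conn.commit()
    return conn


def after_hours_failures(conn, start="18:00:00"):
    """Failed attempts after business hours: two conditions joined with AND.
    Times are zero-padded HH:MM:SS strings, so string comparison orders them correctly."""
    return conn.execute(
        "SELECT username, login_date, login_time FROM log_in_attempts "
        "WHERE success = 0 AND login_time > ? ORDER BY event_id",
        (start,),
    ).fetchall()


def failures_on_dates(conn, dates):
    """Failed attempts on any of the given dates, using IN with one placeholder per value."""
    placeholders = ", ".join("?" for _ in dates)
    return conn.execute(
        "SELECT username, login_date FROM log_in_attempts "
        f"WHERE success = 0 AND login_date IN ({placeholders}) ORDER BY event_id",
        tuple(dates),
    ).fetchall()


def attempts_outside(conn, allowed_countries):
    """Attempts from countries not on an allow list, using NOT IN."""
    placeholders = ", ".join("?" for _ in allowed_countries)
    return conn.execute(
        "SELECT username, country FROM log_in_attempts "
        f"WHERE country NOT IN ({placeholders}) ORDER BY event_id",
        tuple(allowed_countries),
    ).fetchall()


def lookup_user_unsafe(conn, username):
    """Anti-pattern kept for contrast: the filter value is pasted into the SQL text,
    so a username such as  ' OR '1'='1  rewrites the WHERE clause."""
    return conn.execute(
        f"SELECT username FROM log_in_attempts WHERE username = '{username}'"
    ).fetchall()


def lookup_user_safe(conn, username):
    """Correct form: the driver binds the value, so it can only ever be compared as data."""
    return conn.execute(
        "SELECT username FROM log_in_attempts WHERE username = ? ORDER BY event_id",
        (username,),
    ).fetchall()


if __name__ == "__main__":
    db = build_db()
    print("after hours failures:", after_hours_failures(db))
    print("outside allow list:", attempts_outside(db, ["US", "CA"]))
    print("unsafe lookup:", lookup_user_unsafe(db, "' OR '1'='1"))
    print("safe lookup:", lookup_user_safe(db, "' OR '1'='1"))
```

The placeholders in `failures_on_dates` and `attempts_outside` are generated from the number of values, never from the values themselves, so the query text stays constant no matter what the list contains.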
Python
A general-purpose programming language. In security it is used to automate tasks that are repetitive and time-consuming, and that require a high level of detail and accuracy.
Automation
The use of technology to reduce human and manual effort in performing common and repetitive tasks. It also helps reduce the risk of human error.
Data point
A specific piece of information.
Operating system
The interface between computer hardware and the user. Linux, macOS, and Windows are examples. They each offer different functionality and user experiences.
Open source
The code is available to the public and allows people to make contributions to improve the software.
Command
An instruction telling the computer to do something.
Command-line interface
Text-based user interface that uses commands to interact with the computer.
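The Linux, operating system and command-line definitions above come together in the course’s file-permissions project, where the point is least privilege: a file should be readable and writable only by the users who need it. The following is an added example, not course code, that performs the same check in Python rather than at the shell. It renders a mode the way `ls -l` does, audits a directory for world-writable and setuid/setgid files, and tightens a weak permission with the equivalent of `chmod 640`. The directory, file name and the finding labels are constructed for the illustration, and the demo assumes a POSIX file system where `chmod` is honoured.

```python
import os
import stat
import tempfile
from pathlib import Path


def describe_mode(mode):
    """Render a stat mode the way `ls -l` shows it, e.g. '-rw-r--r--'."""
    return stat.filemode(mode)


def audit_mode(mode):
    """Return least-privilege findings for one mode (empty list means nothing to report)."""
    findings = []
    if mode & stat.S_IWOTH:         # the 'o+w' bit: any user on the host can modify the file
        findings.append("world-writable")
    if mode & stat.S_ISUID:         # runs as the file owner, a classic privilege-escalation target
        findings.append("setuid")
    if mode & stat.S_ISGID:
        findings.append("setgid")
    return findings


def audit_directory(directory):
    """Map each regular file under directory (recursively) to its findings."""
    results = {}
    for path in Path(directory).rglob("*"):
        st = path.lstat()           # lstat: do not follow symlinks into other locations
        if stat.S_ISREG(st.st_mode):
            results[str(path.relative_to(directory))] = audit_mode(st.st_mode)
    return results


def remediate(path, mode=0o640):
    """Apply the equivalent of `chmod 640 <path>` and return the resulting mode string."""
    os.chmod(path, mode)
    return describe_mode(os.stat(path).st_mode)


def run_demo():
    """Create a constructed secrets file with a weak mode, audit it, fix it, audit again."""
    with tempfile.TemporaryDirectory() as tmp:
        secret = Path(tmp) / "secrets.txt"
        secret.write_text("constructed sample secret, not a real credential\n")
        os.chmod(secret, 0o666)     # the weak setting: everyone on the host can write
        before = audit_directory(tmp)["secrets.txt"]
        fixed_mode = remediate(secret)
        after = audit_directory(tmp)["secrets.txt"]
        return {"before": before, "fixed_mode": fixed_mode, "after": after}


if __name__ == "__main__":
    print(run_demo())
```

The same checks at the shell are `ls -l` to read the mode and `find <dir> -type f -perm -o+w` to list world-writable files; the Python version is useful when the result has to feed a report or a ticket.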
Web vulnerability
A unique flaw in a web application that a threat actor could exploit by using malicious code or behavior, to allow unauthorized access, data theft, and malware deployment.
Antivirus software
Aka anti-malware. A software program used to prevent, detect, and eliminate malware and viruses. Depending on the type, it can scan the memory of a device to find patterns that indicate the presence of malware.
Intrusion Detection System
Aka IDS. An application that monitors system activity and alerts on possible intrusions. It scans and analyzes network packets, the small units into which data is broken for transmission through a network; inspecting traffic packet by packet lets the IDS identify patterns that indicate a threat to sensitive data. Other occurrences an IDS might detect include data theft and unauthorized access.
Encryption
Makes data unreadable and difficult to decode for an unauthorized user; its main goal is to ensure confidentiality of private data. It is the process of converting data from a readable format to a cryptographically encoded format.
Cryptographic encoding
Converting plaintext into secure ciphertext.
Plaintext
Unencrypted information.
Secure ciphertext
The result of encryption.
Encoding
Uses a public conversion algorithm to enable systems that use different data representations to share information. Because the algorithm is public and no key is involved, encoding is fully reversible by anyone; it provides no confidentiality and is not a substitute for encryption.
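The four definitions above (encryption, cryptographic encoding, plaintext and ciphertext) are easiest to see side by side with encoding. The following is an added example, not code from the course, that contrasts the two using only the Python standard library: Base64 encoding, which anyone can reverse with no secret, and a one-time pad, a genuine cipher in which the plaintext is XORed with a random key of the same length that is used once. The one-time pad is chosen because it is short enough to show in full; a real system would use a vetted library cipher such as AES-GCM instead. The message and key sizes are constructed for the illustration.

```python
import base64
import secrets


def encode_base64(data):
    """Encoding: a public, keyless transformation; the result is not secret."""
    return base64.b64encode(data).decode("ascii")


def decode_base64(text):
    """Anyone holding the encoded text can recover the original with no key."""
    return base64.b64decode(text)


def generate_key(length):
    """A fresh random key from the OS CSPRNG; for a one-time pad it must be as long as the message."""
    return secrets.token_bytes(length)


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_otp(plaintext, key):
    """Encryption: plaintext -> ciphertext under a secret key (one-time pad: XOR with the key)."""
    if len(key) != len(plaintext):
        raise ValueError("one-time pad key must be exactly as long as the plaintext")
    return xor_bytes(plaintext, key)


def decrypt_otp(ciphertext, key):
    """XOR is its own inverse, so decryption applies the same key again."""
    if len(key) != len(ciphertext):
        raise ValueError("one-time pad key must be exactly as long as the ciphertext")
    return xor_bytes(ciphertext, key)


def run_demo():
    """Show that encoding hides nothing while encryption without the key recovers nothing."""
    message = b"patient 4471: test result positive"   # constructed sample plaintext

    encoded = encode_base64(message)
    decoded_by_anyone = decode_base64(encoded)           # no key needed

    key = generate_key(len(message))
    ciphertext = encrypt_otp(message, key)
    decrypted = decrypt_otp(ciphertext, key)
    wrong_guess = decrypt_otp(ciphertext, generate_key(len(message)))  # attacker with no key

    return {
        "encoded": encoded,
        "decoded_without_key": decoded_by_anyone == message,
        "ciphertext_differs": ciphertext != message,
        "decrypted_with_key": decrypted == message,
        "wrong_key_recovers": wrong_guess == message,
    }


if __name__ == "__main__":
    print(run_demo())
```

The practical check that follows from this: if a value labelled "encrypted" in a configuration or a database can be turned back into plaintext by a Base64 decoder, it was never encrypted.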
Penetration testing
Aka pen testing. The act of participating in a simulated attack that helps identify vulnerabilities in systems, networks, websites, applications, and processes. It is a thorough risk assessment that can evaluate and identify external and internal threats as well as weaknesses.
Portfolio Projects
Drafting a professional statement
Conducting a security audit
Analyzing network structure and security
Using Linux commands to manage file permissions
Applying filters to SQL queries
Identifying vulnerabilities for a small business
Documenting incidents with an incident handler’s journal
Importing and parsing a text file in a security-related scenario
Creating or revising a resume