Ethical Hacking, Penetration Testing and IT-Forensics - Logs and Log Handling

Description and Tags

Vocabulary terms and definitions related to log management, network evidence sources, and time synchronization in the context of ethical hacking and IT forensics.

Last updated 9:25 AM on 5/28/26
19 Terms

1. NTP
Network Time Protocol; used to synchronize time between systems, which is critical for accurate evidence timestamps.

2. Stratum 0
The top level of the NTP hierarchy, also called reference clocks; these often run atomic clocks or receive GPS time.

3. ntp.hv.se
A stratum 2 time server that receives its time from Swedish national time servers (stratum 1).

4. SNMP
Simple Network Management Protocol; used to collect information from agents, set configuration on equipment, or receive traps when events occur.

5. SNMP Agent
The software running on a managed system, such as a router or switch, that communicates with a Network Management System.

6. Network Management System (NMS)
A system running on a server that gathers data from SNMP agents and displays it to the user.

7. SNMP v1
The first version of SNMP, characterized by very low security and cleartext authentication.

8. SNMP v2c
An SNMP version with low security that utilizes 64-bit counters to handle higher volumes of traffic.

9. SNMP v3
The most complex SNMP version, which utilizes TLS encrypted transport for increased security.

10. UDP Port 161
The standard port used for SNMP communication.

11. Netflow
A Cisco-originated protocol used to count and export flow records to a collector for traffic analysis.

12. Flow
A sequence of packets sharing the same ingress interface, Source IP, Destination IP, IP protocol, Source port, Destination port, and Type of service.

13. IPFIX
The IETF standardized version of the flow protocol, based on Netflow version 9.

14. sFlow
A technology that sends headers from sampled packets and traffic counters to a collector for traffic type statistics, without showing full packet content.

15. SPAN/RMON
Technologies used for port mirroring, copying all traffic from one switch port to another for delivery to systems like an IDS.

16. Lawful Intercept
A specific monitoring feature found in many ISP or carrier switches and routers.

17. Normalization
The process of rewriting different log formats (such as timestamps and addresses) into a common format to allow for accurate correlation and comparison.

18. Splunk
A well-known commercial system used for log analysis and correlation.

19. ELK
An open source alternative for log analysis consisting of Elasticsearch, Logstash, and Kibana.