Cyber Attribution and Digital Evidence Analysis

A comprehensive set of 40 vocabulary flashcards covering key concepts, terms, and definitions related to cyber attribution, digital evidence, and cryptocurrency laundering.

Cyber Attribution

The process of tracing online criminal activity back to a real human suspect using digital and physical evidence.

Pedigree Diagram

A step-by-step map showing how evidence links online activity to digital identifiers to a real person.

Isolate Criminal Conduct

Step 1 in cyber attribution; identifying the illegal online act (hacking, phishing, malware, data theft).

Directly-Linked Cyber Pedigree

Step 2; evidence directly tied to criminal activity, e.g., IP address, email, malware hash.

Follow-On Pedigree

Step 3; indirect digital links such as proxies, VPNs, burner accounts, and secondary servers.

Link to a Suspect

Step 4; connecting digital trails to a real identity using ISP data, subpoenas, and account info.

Summarize & Articulate Proof

Step 6; writing a detailed summary showing how evidence proves suspect’s involvement.

Digital Evidence

Information stored or transmitted in digital form that can help in investigations.

Chain of Custody

Documentation proving who handled evidence at every step of the investigation.

Phishing

Mass deceptive emails designed to trick users into clicking malicious links.

Spear-Phishing

Targeted phishing aimed at specific individuals, such as executives or employees.

Remote Access Trojan (RAT)

Malware that gives attackers remote control over a device.

Lateral Movement

The movement of attackers through a network after the initial compromise.

CVE

Common Vulnerabilities and Exposures, a database of known security flaws.

Mimikatz

A credential-harvesting tool that extracts passwords and tokens from RAM.

ISP

Internet Service Provider; offers subscriber info tied to an IP address.

Subpoena

A legal document used to force ISPs or others to provide user data for investigations.

Spectrum/Charter Communication Subpoena

Served to corporate legal departments for law enforcement data requests.

Email Used in Attack

financialguard@gmail.com (used for spear-phishing).

Initial Compromised Executive

JNelson@financialguard.com (opened the malicious PDF leading to compromise).

IP Chain

A sequence of IP addresses traced back to a specific location.

Homeowner/Resident

Also referred to in the quiz; describes the individual arrested at the traced IP location.

Money Laundering

The process of making illegal money appear legitimate.

Structuring (Smurfing)

Splitting large transactions into smaller ones to avoid bank reporting.

Shell Company

A fake business used to hide or move illicit funds.

Trade-Based Laundering

Over/under-invoicing goods to move money across borders.

Layering

Complex transfers designed to hide the source of illegal funds.

Cash-Intensive Businesses

Businesses like restaurants or casinos that mix dirty cash with legitimate income.

Real Estate Laundering

Using property transactions to clean illicit money.

Cryptocurrency Laundering

Using crypto transactions to hide money trails.

Mixing Services (Tumblers)

Services that blend cryptocurrency to break blockchain traceability.

Darknet Markets

Online black markets where illegal goods are bought with cryptocurrency.

Ransomware Payments

Payments made by victims in cryptocurrency to attackers.

Prepaid Cards / Virtual Currency

Anonymously moving funds easily through digital channels.

Digital Asset Exchanges

Platforms that can be manipulated for wash trading and laundering.

Gaming Platforms / Virtual Assets

Criminals convert dirty money into game currency or items and resell for clean cash.

Bitcoin (BTC)

A traceable blockchain cryptocurrency that is pseudo-anonymous.

Ethereum (ETH)

A traceable blockchain that supports smart contracts and has high forensic visibility.

Monero (XMR)

A fully anonymous privacy coin with untraceable transactions.

Zcash (ZEC)

Offers shielded transactions for enhanced anonymity.

Dash (DASH)

A cryptocurrency that provides an optional privacy feature called 'PrivateSend'.

Stablecoins (USDT/USDC)

Cryptocurrencies that retain value; often used in fraud schemes.

OSINT (Open-Source Intelligence)

Using public information like WHOIS, social media, and public records for investigations.

IP Lookup Tools

Tools like IPinfo.io and Whois.domaintools used to find information about IP addresses.

Email Header Analysis

Tracing the sending server and originating IP through email headers.

Malware Analysis Tools

Tools like VirusTotal and Cuckoo Sandbox used for analyzing malware.

Blockchain Analysis Tools

Tools like Chainalysis and CipherTrace for tracing cryptocurrency laundering.