Cybersecurity: Virus Detection, Policies, and Digital Forensics

Virus

Malicious code that attaches to specific file types (like .exe, .doc, .pdf) and spreads when those files are opened.

Heuristic Scanning

A virus detection method that looks for suspicious behavior instead of known virus signatures.

Sandbox Scanning

Runs a file in a safe, isolated virtual environment to see if it behaves like malware.

Firewall

A security system that monitors and controls incoming and outgoing network traffic based on rules.

SIEM (Security Information and Event Management)

A system that collects, analyzes, and reports security logs from multiple sources in real time.

Dual-Homed Host

A computer with two network interfaces that connects two separate networks.

Network-Based Host

A security system placed on the network to monitor traffic rather than on individual computers.

Security Policy

A formal set of rules that define how an organization protects its information and systems.

User Policy

Rules that define what users can and cannot do on a company's systems.

DRP (Disaster Recovery Plan)

A plan for restoring systems and data after a disaster or cyberattack.

Gray Area of Acceptable Use

Activities not clearly allowed or forbidden but could still cause problems.

System Administration Policies

Rules for how administrators configure, manage, and secure systems.

What Happens When an Employee Leaves an Organization

Access is removed, accounts are disabled, passwords changed, and company property is retrieved.

Implicit Deny

A security rule that blocks everything unless it is explicitly allowed.

First Rule of Security

Nothing is 100% secure.

Minimum Password Age

The minimum amount of time a user must keep a password before changing it.

Good Password Length (Text Standard)

At least 12-16 characters.

System Hardening

The process of securing a system by removing unnecessary services and tightening settings.

DMZ (Demilitarized Zone)

A network area between the internal network and the internet used for public services.

Nessus

A vulnerability scanner used to find security weaknesses.

Shodan

A search engine for finding internet-connected devices.

Cyber Terrorism (FBI Definition)

A cyberattack intended to cause fear, damage infrastructure, or disrupt society for political reasons.

Flame Virus

A very advanced espionage malware used for spying on governments.

Economic Attack

A cyberattack meant to damage a country's economy or financial systems.

Stuxnet

A cyber weapon that targeted nuclear facilities in Iran.

Information Warfare

The use of information and cyber tools to gain military or political advantage.

Propaganda Agent

A person or tool used to spread misleading or biased information.

Country That Sends ~800 Million Spam Emails Per Day

United States.

Sex Offender Registries

Public databases listing convicted sex offenders and their locations.

Federal Prison Record Site

BOP (Federal Bureau of Prisons) Inmate Locator.

Usenet

An early internet discussion system still used for file sharing.

inurl

Google search operator that finds keywords inside website URLs.

intitle

Google search operator that finds keywords inside webpage titles.

Maltego

A digital investigation tool used for mapping relationships and finding data.

First Responder to Computer Crime

The first person who secures the computer or digital evidence.

Consequence of Proper Evidence Handling

Evidence remains admissible in court.

Forensically Valid Copy

An exact, verified duplicate of digital data made for investigation.

md5sum

A hashing tool used to verify data integrity.

Chain of Custody

A log that tracks who handled evidence and when.

Computer Evidence

Any digital data used in a legal investigation.

DiskDigger

A file recovery and digital forensics tool.