Security+ Domain 4: Incident Response & Forensics


25 Terms

1

Analysis

Checking logs, alerts, and data to find out what happened.

2
Containment

Stopping the threat from spreading or doing more damage.

3
Eradication

Removing the threat completely from the system.

4
Recovery

Getting systems back to normal and making sure the threat is gone.

5
Post-Incident Activity / Lessons Learned

Review what happened, what was done, and how to improve for next time.

6
Root Cause Analysis

Finding the main reason why a problem or incident happened.

7
After Action Report

A summary of what happened, what was done, and how to improve.

8
Threat Hunting

Searching your systems for hidden attackers before they cause harm.

9
Profiling Threat Actors and Activities

Learning about hackers and what they usually do to better predict and stop attacks.

10
Advisories and Bulletins

Official alerts that warn about security problems and how to fix them.

11

Intelligence Fusion and Threat Data

Combining information from many sources to get a clear picture of threats.

12

Testing

Exercising incident response procedures to check that they work as intended.

13

Tabletop Exercise (TTX)

Simulating incidents within a control framework, as a discussion-based walkthrough rather than a live drill.

14
Penetration Test

A safe, planned cyberattack used to find weaknesses before real attackers do.

15

Simulation

A practice run of a cyberattack or incident to test how people and systems respond.

16

Digital Forensics

The process of collecting, analyzing, and preserving electronic evidence.

17
Identification

The process of claiming an identity, usually with a username or ID, before authentication happens.

18
Collection

The process of gathering digital evidence from systems, devices, or networks in a secure way for analysis.

19

Order of Volatility

The order in which digital evidence should be collected, from the most temporary (shortest-lived, such as memory contents) to the least temporary (such as disk and archived data).

20

Chain of Custody

A record of who collected, handled, and stored digital evidence, and when.

21
Disk Imaging

Creating an exact copy of a storage device for forensic analysis without altering the original data.

22

File Carving

Recovering files from raw data on a disk without using the file system.

23
Legal Hold

A process that preserves all relevant data to prevent deletion during an investigation or legal case.

24

Electronic Discovery (eDiscovery)

The process of identifying, collecting, and producing electronic data for use in legal cases or investigations.

25

Data Acquisition

Collecting digital evidence from devices in a forensically sound way for analysis.