CIS4385 Final Study Guide
=========================

The final is comprehensive, and does include the entire text. The main topics are:

General forensics and cybercrime material
- Definitions and principles related to the field
  - Locard's Exchange Principle
  - Forensics definition for legal purposes
  - Developments
- Basic legal concepts, including warrants, subpoenas, and evidentiary concepts
- General cybercrime issues and techniques, such as phishing, spear phishing, obfuscation, steganography, ransomware, cryptocurrencies, keylogging, spyware, DOS/DDOS, cryptography, hashing, passwords, SQL injection
- Basic history of laws relating to digital forensics for U.S. and Florida
- General issues relating to volatility, evanescence, persistence, and proximity/lack of proximity of evidence
- Internet issues with Internet of Things (IOT), ubiquitous sensing, ubiquitous communication, TOR
- Networking in general: Internet, firewalls, hardware
- Issues and techniques for detecting users, both legitimate and illegitimate, such as the existence of backdoors

Linux
- General structure of Unix/Linux, including the concepts of a kernel and system calls
- Devices
  - Device drivers
  - Disks
    - Real hardware: spinning drives, SSDs, flash drives, USB, Firewire/Thunderbolt
    - Aggregation, such as RAID
    - Logical filesystem concepts
  - Networking
- System level, including tools
  - Typical structure of Unix/Linux, including dynamic libraries, static linking
  - The typical Unix/Linux environment
  - Networking concepts
- Collection issues

Windows
- General structure of Windows, Windows fundamental architecture
  - Dynamic linking
  - Process concepts
- Devices
  - Device drivers
  - Disks
    - Real hardware: spinning drives, SSDs, flash drives, USB, Firewire/Thunderbolt
    - Aggregation, such as RAID
    - Logical disk concepts
  - Networking
- System level, including tools
- Higher levels, such as shares and general domain concepts
- Tools, both from Microsoft and from other places (notably Sysinternals)
  - Collection of specific data via specific tools, such as time of day, users, shares
  - Collection of general data
- Registry structure
- Registry data
- Filesystem contents
- Live memory collection and page file information

Filesystems
- Filesystems and traditional partitions
- Filesystems over logical constructs such as LVM and RAID
- FAT
  - FAT versions
  - ADS (non-)implementation
  - FAT sections
  - FAT structure
    - LFN entries
    - Deleted entries
    - Recovering deleted entries
    - Directories
    - Clusters
  - FAT boot sector contents
- NTFS
  - ADS
  - NTFS sections
  - MFT concepts
- EXT*
  - EXT and its development from FFS/UFS
  - EXT sections
  - Extended attributes