Uploaded by Dre Salami

ITSY-2443-30001 Vocab Module 6

ITSY Key Acronyms/terms Module 6
1. Some of you are new to Information Security (InfoSec) and some are experienced
practitioners looking for some additional education/certification.
2. The biggest part of learning anything new is getting a grasp of the professional
vocabulary and with all things the IT/infosec related acronyms…spoiler alert -- there are
LOT of them.
3. What to do:
a. If it is acronyms spell it out (remember these terms are relevant to cyber security)
b. Provide a brief definition in your own words
c. Use the acronym/term in a few sentences explaining how it is relevant to cyber
security…for instance:
Example: A+ - is a CompTIA certification and is generally consider the first in the series. The A+
certification covers the following areas of IT knowledge/skills: installing, maintaining, customizing, and
operating personal computers. Before I was able to take the CompTIA Network+ exam I had to first take
and pass the A+ exam. Having the A+ certification on my resume helped me land my first computer
repair job.
4. Each acronym/term should require about 3-4 sentences in order to really define and
describe it (remember use your own words please do not just copy and paste from an
internet search).
SWGDE – The Scientific Working Group on Digital Evidence is an organization tasked with
developing regulations, quality assurances, and standards for the gathering, safeguarding, and
investigating of digital evidence that is made available through publications. The organization
aims to establish an exchange of forensics techniques, ideas, and collaboration amongst
countries. SWGDE has long-standing relationships with private forensics companies, banks,
retail stores, departments of Justice, Defense, Homeland Security, County Police, and other law
enforcement agencies.
File slack – also known as slack space, this is the part of a drive that remains after a file has been
stored. The file slack remains when the file gets deleted, and it is from this that a forensics
analyst can uncover deleted files from that sector on the drive. File slacks are made possible by
random bytes of data from memory written into sectors by the system’s operating system.
Wear-leveling – This is an algorithmic process that intends to extend the life expectancy of
solid-state hard drives for prolonged use. There are two types of wear-leveling: dynamic wear
writes data with the least amount of free flash blocks while static wear cuts wear by changing
the data to the barely used flash blocks. The idea of wear-leveling is to make the most of a drive
for optimal use.
Partition gap – is the unused space that exists between multiple partitions created on a drive.
This space/gap can be used as storage to hide data. Often, partition gaps are not visible in the file
system but can be accessed using a disk editor utility.
Least significant bit - is the lowest bit of a number in a binary string on the furthest-right of the
string, depending on the computer's functionality. The least significant bit number has little
effect on the value of a string. The least significant bit can be used as a hash function to quickly
find items in a database.
Defense in depth – This is a convergence of multiple layers of security defense structures
overlayed to protect important data. The idea of defense in depth is to keep securing protection
even if a layer fails. Defense in depth defensive layers could be administrative, physical, or
technical controls.
OOV – Order of Volatility is the procedure expected of a forensic examiner to acquire and
follow the evidence from the most volatile to the less volatile. The Internet Engineering Task
Force (IETF) released the OOV required as follows: Registers, Cache; Routing Table, ARP
Cache, Process Table, Kernel Statistics, Memory; Temporary File Systems; Disk; Remote
Logging and Monitoring Data that is Relevant to the System in Question; Physical
Configuration, Network Topology; and Archival Media.
KFF - The Known File Filter (KFF) is a utility that can measure known hash value files against
known files in an evidence catalog. The filter can analyze files to figure out what is needed to be
identified or ignored, and files to be notified about. KFF architecture has two fundamental parts:
KFF server to process and store data, and KFF data with known hashes analyzed against the
Block-wise hashing – This is a process in which sectors of data are hashed and then compared
against the sectors of the evidence drive. This is done to figure if there are any underlying data
that wasn’t retrieved.
Raster images – Raster images, also referred to as bitmap images are typically formed from
photocopied or scanned images. They are the culmination of rectangular pixels, and color tones
that merge to form an image. Raster images are best used for precise graphics or artwork and are
very specific to the resolution or format of an image to be reproduced or scanned.