DIFR Exam Review

To make sure the physical security of an organization is sufficient

To create a strategy for data and IT asset protection and maintain it

To manage IT employees and search for quality recruits

To manage the business model of an organization

Blocklist filtering

Host isolation

Updating IDS rules

Segmentation of networks

Penetration Testing

Collection

Examination

Reporting

DumpIt

HxD

PhotoRec

Bulk Extractor

Identification, Detection and Analysis, Containment, Eradication and Recovery, and Post-Incident Activity

Identification, Detection and Analysis, Containment, Termination, Recovery, and Post-Incident Activity

Preparation, Detection and Analysis, Containment, Termination, Recovery, and Post-Incident Activity

Preparation, Detection and Analysis, Containment, Eradication and Recovery, and Post-Incident Activity

PhotoRec

Volatility

dd

Exif tool

File System Changes

Network Activity

Registry Changes

Executable File Strings

To perform static malware analysis

To test malware in an isolated environment

To run new apps

To clear infected files in the host system

tcpdump is command-based; Wireshark has a GUI interface.

tcpdump can only capture packets that use TCP.

Wireshark is a network monitoring tool; tcpdump is used as an IDS.

tcpdump is a dumping tool; Wireshark monitors system files.

Display filters

Replace network traffic

Stream inspection

Object export