CompTIA Security e8 chap15
What is the key difference between hashing and checksums?
Both can validate integrity, but a hash also provides a unique digital fingerprint.
What is the document that tracks the control of a piece of evidence called?
Chain of custody
Theresa's organization has received a legal hold notice for their files and documents. Which of the following is not an action she needs to take?
Delete all sensitive documents related to the case.
What is eDiscovery?
A process for sharing electronic forensic data
A forensic specialist discovered that an intruder infiltrated a system as a standard user and was therefore unable to remove evidence of their attack to evade detection. The specialist found log entries and inconsistent version-tracking metadata. What is the collective term for the various sources of evidence that an attacker might leave behind?
Artifacts
Henry wants to use an open-source forensic suite. Which of the following tools should he select?
Autopsy
While doing forensic investigation and gathering evidence, which of the following should you keep in mind?
Classify available evidence according to its order of volatility.
What legal concept determines the law enforcement agency or agencies that will be involved in a case based on location?
Jurisdiction
Alaina wants to maintain chain of custody documentation and has created a form. Which of the following is not a common element on a chain of custody form?
Method of transport
Which aspect of digital forensics is most concerned with the definitive and indisputable identification of the source of admissible evidence?
Non-repudiation
What kind of tool, often called a sniffer, is used to capture network traffic, allowing the operator to visualize the various processes involved in the communication?
Protocol analyzer
Naomi is preparing to migrate her organization to a cloud service and wants to ensure that she has the appropriate contractual language in place. Which of the following is not a common item she should include?
Right to forensic examination
Erica provides laptops and mobile devices for her organization's traveling staff members. She has read a number of articles about data being stolen through the use of malicious charging cables or chargers. What type of solution can she give her organization's traveling staff to prevent this attack?
USB data blocker
When is it appropriate to establish a legal hold on information?
When the information is not in your control but is legally relevant
Cynthia wants to make an exact copy of a drive using a Linux command-line tool. What command should she use?
dd