CERTIVIEW

Wednesday, 13 January 2016

CISSP Question of the Week: Forensic Investigation

CISSP Question of the Week courtesy of Transcender Labs.

As a part of the incident response team, you have been given a procedures document that identifies the steps you must complete during a forensic investigation.

After which event should the evidence collection step be completed?

A. The incident has been identified only
B. The evidence has been preserved only
C. The incident has been identified and the evidence has been preserved
D. The incident has been identified, the evidence has been preserved, and the evidence has been analyzed


The correct answer is C.

You should complete the evidence collection step after the incident has been identified and the evidence has been preserved.

The proper steps in a forensic investigation are as follows:

  • Identification – This step can include event/crime detection, signature resolution, profile detection, anomaly detection, complaint reception, system monitoring, and audit analysis.
  • Preservation – This step can include imaging technologies, chain of custody standards, and time synchronization.
  • Collection – This step can include approved collection methods, approved software, approved hardware, legal authority, sampling, data reduction, and recovery techniques.
  • Examination – This step can include traceability, validation techniques, filtering techniques, pattern matching, hidden data discovery, and hidden data extraction.
  • Analysis – This step can include traceability, statistical analysis, protocol analysis, data mining, and timeline determination.
  • Presentation – This step can include documentation, expert testimony, clarification, mission impact statement, recommended countermeasures, and statistical interpretation.
  • Decision – This step can include management reports, court decisions, and internal decisions.

 
