Multiple Choice
A security incident may have occurred on the desktop PC of an organization's Chief Executive Officer (CEO) . A duplicate copy of the CEO's hard drive must be stored securely to ensure appropriate forensic processes and the chain of custody are followed. Which of the following should be performed to accomplish this task?
A) Install a new hard drive in the CEO's PC, and then remove the old hard drive and place it in a tamper-evident bag.
B) Connect a write blocker to the hard drive. Then, leveraging a forensic workstation, utilize the dd command in a live Linux environment to create a duplicate copy. Connect a write blocker to the hard drive. Then, leveraging a forensic workstation, utilize the dd command in a live Linux environment to create a duplicate copy.
C) Remove the CEO's hard drive from the PC, connect to the forensic workstation, and copy all the contents onto a remote fileshare while the CEO watches.
D) Refrain from completing a forensic analysis of the CEO's hard drive until after the incident is confirmed; duplicating the hard drive at this stage could destroy evidence.
Correct Answer:
Verified
Correct Answer:
Verified
Q53: Which of the following will MOST likely
Q54: A company wants to deploy PKI on
Q55: A security analyst has received an alert
Q56: A manufacturer creates designs for very high
Q57: Company engineers regularly participate in a public
Q59: A security auditor is reviewing vulnerability scan
Q60: A security analyst is using a recently
Q61: An organization wants to implement a third
Q62: During an incident response, a security analyst
Q63: Which of the following cloud models provides