nerdexam
ExamsCAS-003Questions#451
CompTIA

CAS-003 · Question #451

CAS-003 Question #451: Real Exam Question with Answer & Explanation

The correct answer is A: creating a forensic image. One of the most important steps in computer forensic evidence procedures is to capture exact duplicates of the evidence, also known as forensic images. This is accomplished by making a bit- for-bit copy of a piece of media as an image file with high accuracy. In addition, dumping

Question

The Chief Information Security Officer (CISO) of an established security department, identifies a customer who has been using a fraudulent credit card. The CISO calls the local authorities, and when they arrive on- site, the authorities ask a security engineer to create a point-in-time copy of the running database in their presence. This is an example of:

Options

  • Acreating a forensic image
  • Bdeploying fraud monitoring
  • Cfollowing a chain of custody
  • Danalyzing the order of volatility

Explanation

One of the most important steps in computer forensic evidence procedures is to capture exact duplicates of the evidence, also known as forensic images. This is accomplished by making a bit- for-bit copy of a piece of media as an image file with high accuracy. In addition, dumping a system’s memory may reveal actionable evidence that would otherwise be lost when the system is powered down.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full CAS-003 Practice