SY0-701 Question #290: Real Exam Question with Answer & Explanation
The correct answer is A: Order of volatility.
Question
Which of the following is a reason why a forensic specialist would create a plan to preserve data after an incident and prioritize the sequence for performing forensic analysis?
Options
- A. Order of volatility
- B. Preservation of event logs
- C. Chain of custody
- D. Compliance with legal hold
Explanation
When conducting a forensic analysis after an incident, it's essential to prioritize the data collection process based on the "order of volatility." This principle dictates that more volatile data (e.g., data in memory, network connections) should be captured before less volatile data (e.g., disk drives, logs). The idea is to preserve the most transient and potentially valuable evidence first, as it is more likely to be lost or altered quickly.