Exam CAS-004 topic 1 question 596 discussion

Actual exam question from CompTIA's CAS-004
Question #: 596
Topic #: 1

A forensics investigator is collecting evidence from desktop computers that were possibly used for criminal activity. Which of the following tools should be used first when reviewing the computers?

  • A. ExifTool
  • B. Foremost
  • C. Volatility
  • D. The Sleuth Kit
Suggested Answer: D

Comments

Bright07
3 weeks, 1 day ago
Selected Answer: D
The Sleuth Kit (TSK) is a collection of open-source command-line tools that allow you to investigate disk images and recover files from them. It allows examining the file system, recovering deleted files, and analyzing the disk image for potential evidence. TSK is a suitable choice for the first step in a forensic investigation because it provides a foundation for understanding the system's file structure, timeline analysis, and identification of potential areas of interest for further investigation.
upvoted 2 times
Steel16
1 month, 1 week ago
Selected Answer: D
The Sleuth Kit is a collection of open-source tools designed for forensic disk imaging and analysis. It allows investigators to examine file systems, recover deleted files, and investigate other artifacts on a computer. This makes it a crucial initial tool for examining potentially compromised systems, especially when looking for evidence stored on the computer itself.
upvoted 2 times
Steel16
1 month, 1 week ago
C. Volatility: Volatility is a memory analysis tool designed to examine volatile data (data stored in RAM) when a system is powered off. This is valuable for investigating recent activity or capturing ephemeral data that might not be preserved on the hard drive. However, since the question mentions reviewing desktop computers, which primarily involves persistent data on storage devices, Volatility wouldn't be the first choice for initial examination.
upvoted 1 times