An executive has leaked the company trade secrets through an external drive. What process should the investigation team take if they could retrieve his system?
The other options are not directly related to this scenario:
B. Real-Time Analysis: Involves monitoring a system or network in real-time to detect and respond to incidents as they occur.
C. Packet Analysis: Involves analyzing network traffic packet by packet to understand communication patterns and identify potential security issues.
D. Malware Analysis: Involves analyzing malware samples to understand their behavior, capabilities, and potential impact.
The correct answer is A. Postmortem Analysis.
Postmortem analysis, also known as dead box analysis, is a digital forensic process that involves analyzing a computer system or device after an incident has occurred, in this case, the leak of company trade secrets through an external drive. The goal of postmortem analysis is to reconstruct the events leading up to and during the incident, identify the source and scope of the leak, and gather evidence for potential legal action.
If the investigation team can retrieve the executive's system, they would perform a postmortem analysis to:
- Image the hard drive or collect a bit-for-bit copy of the data
- Analyze the file system, registry, and other data structures
- Look for evidence of data exfiltration, such as files copied to external drives or uploaded to cloud storage
- Check for any malware or unauthorized access
- Reconstruct the executive's activities leading up to the leak
upvoted 1 times
aqeel1506
4 months, 1 week ago
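
An added example for the "evidence of data exfiltration" step in the comment above; it is not part of the original post. It assumes the retrieved system runs Windows and that a copy of `setupapi.dev.log` was exported from the forensic image, and it lists the first-install time of each USB mass-storage device. The sample log is constructed and the function name is hypothetical.

```python
import re
from datetime import datetime

# Constructed sample in the layout of Windows' setupapi.dev.log (not real evidence).
SAMPLE_LOG = r"""
>>>  [Device Install (Hardware initiated) - USBSTOR\Disk&Ven_ExampleCo&Prod_FlashDrive&Rev_1.00\SERIAL0001&0]
>>>  Section start 2024/03/04 18:41:07.512
     dvi: constructed detail line
<<<  Section end 2024/03/04 18:41:09.101
<<<  [Exit status: SUCCESS]
>>>  [Device Install (Hardware initiated) - USB\VID_0000&PID_0000\5&abc&0&1]
>>>  Section start 2024/03/05 08:00:00.000
<<<  [Exit status: SUCCESS]
>>>  [Device Install (Hardware initiated) - USBSTOR\Disk&Ven_Other&Prod_Portable_SSD&Rev_2.10\SERIAL0002&0]
>>>  Section start 2024/03/06 22:15:30.250
<<<  [Exit status: SUCCESS]
"""

# Section header for a USB mass-storage device: device id, then instance id (serial).
HEADER = re.compile(
    r"^>>>\s+\[Device Install .*? - USBSTOR\\(?P<dev>[^\\]+)\\(?P<serial>[^\]]+)\]")
START = re.compile(
    r"^>>>\s+Section start (?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{3})")
FIELDS = re.compile(r"Ven_(?P<vendor>[^&]*)&Prod_(?P<product>[^&]*)")


def first_usb_storage_installs(log_text):
    """Return one record per USBSTOR install section, oldest first."""
    records, pending = [], None
    for line in log_text.splitlines():
        if line.startswith(">>>  ["):
            # New section: remember it only if it is a storage device.
            pending = HEADER.match(line)
        elif pending and (start := START.match(line)):
            fields = FIELDS.search(pending["dev"])
            records.append({
                "vendor": fields["vendor"] if fields else "",
                "product": fields["product"] if fields else "",
                "serial": pending["serial"].split("&")[0],
                # Timestamps in this log are local time of the examined host.
                "first_install": datetime.strptime(start["ts"], "%Y/%m/%d %H:%M:%S.%f"),
            })
            pending = None
    return sorted(records, key=lambda r: r["first_install"])


if __name__ == "__main__":
    for rec in first_usb_storage_installs(SAMPLE_LOG):
        print(rec["first_install"].isoformat(), rec["vendor"], rec["product"], rec["serial"])
```

Run it against a working copy taken from the image, never the original evidence, and correlate the timestamps with file-system and registry artifacts before drawing conclusions.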