A technician is conducting a forensics analysis on a computer system. Which step should be taken first?
  1. Get a binary copy of the system
  2. Search for Trojans
  3. Look for hidden files
  4. Analyze temporary files
Explanation
Answer - A - The first step in the forensic analysis of an infected system is to obtain the binary copy of the system.

Key Takeaway: A system cannot be analyzed or searched for evidence using a simple file copy. The investigators need to obtain the binary copy to preserve evidence. This copy must be tamper-proof and must be capable of independent verification.
Was this helpful? Upvote!
Login to contribute your own answer or details

Top questions

Related questions

Most popular on PracticeQuiz