A security analyst received a compromised workstation. Its hard drive may contain evidence of criminal activities. Which of the following is the FIRST thing the analyst must do to ensure the integrity of the hard drive while performing the analysis?

Friday, April 9, 2021

A security analyst received a compromised workstation. Its hard drive may contain evidence of criminal activities. Which of the following is the FIRST thing the analyst must do to ensure the integrity of the hard drive while performing the analysis?

Ranjitkumar Techlanda Unanswered No comments

A security analyst received a compromised workstation. Its hard drive may contain evidence of criminal activities. Which of the following is the FIRST thing the analyst must do to ensure the integrity of the hard drive while performing the analysis?

Use write blockers.
Make a copy of the hard drive.
Install it on a different machine and explore the content.
Run rm R command to create a hash.

A security analyst received a compromised workstation. Its hard drive may contain evidence of criminal activities. Which of the following is the FIRST thing the analyst must do to ensure the integrity of the hard drive while performing the analysis?

EXPLANATION

If you try to make a copy of the disk without the write blockers, you run risk of adding more data than already is into the hard drive.

SOURCE

https://comptiaexamtest.com/CySA+CS0-001/comptia-cysa-cs0-001-question010/

Share:

0 comments:

Post a Comment