FREE GCIA Incident Response and Forensics Questions and Answers
In digital forensics, what is the purpose of "chain of custody"?
The chain of custody is crucial for documenting the handling of digital evidence to ensure its integrity and admissibility in legal proceedings. It tracks who has accessed or handled the evidence and when, preventing tampering and ensuring authenticity.
What is the primary objective of an incident response plan?
The primary objective of an incident response plan is to ensure business continuity by effectively managing and mitigating the impact of security incidents.
Which of the following best describes a "root cause analysis" in the context of incident response?
Root cause analysis aims to identify the underlying reason or fundamental cause of a security incident, helping to address the source of the problem and prevent recurrence.
What is a common tool used for forensic analysis of file systems?
EnCase is a widely used tool for forensic analysis of file systems, allowing investigators to examine and analyze digital evidence.
Which step in the incident response process involves gathering evidence and documenting the incident?
During the Detection and Analysis phase, evidence is gathered and documented to understand the scope and nature of the incident.