CySA Review 7 & 8

George gathered forensics from a recent intrusion in preparation for legal proceedings. He used EnCase to gather the digital forensics, cloned the hard drive, and took the hard drive home for further analysis. Which of the following did he violate?

George identified 3 Mycc computers that are infected with malware and Windows Defender was unable to detect it. Where is the BEST place to acquire evidence to perform data carving?

What would you use to verify that a disk image you created has not been altered

Which four phases outline the procedures involved in a forensics investigation? (select four)

To preserve evidence of a temporary file system mounted to a host, which system device must you target for evidence collection?

During an incident response, George obtained evidence from the hard drive of a hacked server. What should he do to ensure the data integrity of the evidence?

What is the first thing that needs to be done when starting an investigation into a cyber security event?

Process of extracting data (file) out of undifferentiated blocks (raw data)

George has been alerted to several emails that show evidence an employee is planning malicious activities that involve employee PII on the network before leaving the organization. George's BEST response would be to coordinate with the legal department and:

Which of the following would MOST likely be included in the incident response procedure after a security breach of customer PII?