Forensic Evidence Collection Quiz

Reviewing system logs

Confiscation of devices

Using a forensic analysis tool

Reviewing user activity

Reviewing files and settings

Capturing data in active memory

Using a forensic analysis tool

Reviewing user activity

That the system is offline

That permission is granted

That all devices are confiscated

That malware analysis is complete

A malware analysis tool

A forensic analysis tool

A system imaging tool

A network scanning tool

To confiscate devices

To capture data in active memory

To identify user activity and system events

To agree on a network-testing methodology

Reviewing user activity

Analysing malware activity and alerts

Taking an image of the system

Reviewing files and settings

Ensuring the system is offline

Ensuring the testing protocol will not disrupt a live system

Ensuring all devices are confiscated

Ensuring malware analysis is complete

To confiscate devices

To recover corrupted data

To understand malware behaviour and alerts

To review system logs

Losing temporary files

Reviewing user activity

Using a forensic analysis tool

Reviewing files and settings

To confiscate devices

To ensure permission is granted

To identify and understand network activity and potential breaches

To capture data in active memory