Which type of media should the IR team be handling as they seek to understand the root cause of an incident?

GCED 0 Comments

Which type of media should the IR team be handling as they seek to understand the root cause of an incident?
A . Restored media from full backup of the infected host
B . Media from the infected host, copied to the dedicated IR host
C . Original media from the infected host
D . Bit-for-bit image from the infected host

Answer: A

Explanation:

By imaging the media with tools such as dd or Ghost and analyzing the copy, you preserve the original media for later analysis so that the results can be recreated by another competent examiner if necessary.

Latest GCED Dumps Valid Version with 88 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download GCED PDF     GCED Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments