What is the MOST important step during forensic analysis when trying to learn the purpose of an unknown application?

– by 3

What is the MOST important step during forensic analysis when trying to learn the purpose of an unknown application?
A. Disable all unnecessary services
B. Ensure chain of custody
C. Prepare another backup of the system
D. Isolate the system from the network

Download Printable PDF. VALID exam to help you PASS.

3 thoughts on “What is the MOST important step during forensic analysis when trying to learn the purpose of an unknown application?

  2. D is the correct answer. The question is about forensic analysis of an application, not the entire system. If it was a system, you would make bit for bit clones of the original hard drive before conducting any tests. But since it’s an application, you’d want to test it in a sandbox environment, which is usually a system isolated from the production network.

    1
    Reply

  3. would say “C”, because when analyzing digital evidence, it’s best to work with a copy of the
    actual evidence whenever possible.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.