The Chief Information Security Officer (CISO) of an e-retailer, which has an established security department, identifies a customer who has been using a fraudulent credit card. The CISO calls the local authorities, and when they arrive on-site, the authorities ask a security engineer to create a point-in-time copy of the running database in their presence. This is an example of:
A. creating a forensic image
B. deploying fraud monitoring
C. following a chain of custody
D. analyzing the order of volatility
A
None of the others are even close.
“C. Chain of custody” is close as well.
It depends on whether “*This* is an example of” designates the whole description or the last described action.
A. Forensic image
From the CASP official prep book:
Capture forensic image and memory
One of the most important steps in computer forensic evidence procedures is to capture exact duplicates of the evidence, also known as forensic images. This is accomplished by making a bit-for-bit copy of a piece of media as an image file with high accuracy. In addition, dumping a system’s memory may reveal actionable evidence that would otherwise be lost when the system is powered down.