4_5_4 Section 5 – Operations and Incident Response - 4.5 – Digital Forensics- Managing Evidence

What type of information might we gather from threat reports or third-party sources?

Business, geographic, or country-specific information (correct)
Information about a specific company's financial performance
Only information about open source intelligence
Only information about strategic counterintelligence

What is the main goal of performing strategic counterintelligence?

To identify and disrupt someone gathering information on us (correct)
To gather threat intelligence on foreign operations
To track trends in threat intelligence over time
To create internal threat reports

What is the term for gathering information about a potential threat over an extended period of time?

Strategic counterintelligence
OSINT
Threat intelligence
Tracking trends (correct)

What is the term for information gathered from publicly available sources?

Open source intelligence (C) Signup and view all the answers

What is the ultimate goal of gathering and analyzing threat intelligence?

To understand and prepare for potential threats (A) Signup and view all the answers

What is the primary purpose of creating a hash of collected data?

To verify that the data remains unchanged during analysis (B) Signup and view all the answers

What is the term used to describe the documentation of the original source of data?

Provenance (A) Signup and view all the answers

What is the purpose of a checksum in data communication?

To ensure the data is transmitted without corruption (C) Signup and view all the answers

What technology can be used to provide detailed tracking of data provenance?

Blockchain (D) Signup and view all the answers

What is the term used to describe the process of tracking the movement of data over time?

Chain of custody (A) Signup and view all the answers

What is the purpose of verifying a hash during data analysis?

To ensure the data has not been tampered with (D) Signup and view all the answers

What is the purpose of creating a copy of the original source of data?

To preserve the data and verify its integrity (D) Signup and view all the answers

What is the challenge of imaging storage drives with full disk encryption?

Powering down the system could cause data inaccessibility (D) Signup and view all the answers

What is the primary focus of e-discovery?

Gathering requested data and providing it to authorities (A) Signup and view all the answers

What is the relationship between e-discovery and digital forensics?

E-discovery often works in conjunction with digital forensics (C) Signup and view all the answers

What is the goal of data recovery in digital forensics?

To recover deleted files and data (D) Signup and view all the answers

What is the significance of non-repudiation in data gathering?

It verifies the authenticity of the data sender (A) Signup and view all the answers

What is the difference between a message authentication code and a digital signature?

A digital signature is used for authentication, while a message authentication code is used for non-repudiation (C) Signup and view all the answers

What is the primary goal of strategic intelligence in data gathering?

To gather threat information about a specific domain (D) Signup and view all the answers

What is the purpose of verifying the data gathering process in a court of law?

To ensure the data was gathered using best practices (D) Signup and view all the answers

What is the risk of powering down a system with full disk encryption?

The data may be inaccessible (D) Signup and view all the answers