Incident Handling for Practitioners Quiz
Select all that apply: What is the first step of incident handling?
What type of examination tool identifies images and files with hidden data inside other files?
Volatile data capture tools
Log management tools
What operating system do you not use in forensics?
When using EnCase, you have the ability to:
Recover files and partitions
Identify data origination, user activity, data access dates
All of the above
Generate high-level reports of metadata to analyze system activity
Identify deleted files
Which UNIX/Linux command or tool enables you to search for patterns of information with regular expressions as a forensic analyst or incident handler?
None of the above
System Monitor (Sysmon), part of the Sysinternals toolset for Windows systems, proves valuable for incident handlers because it can:
Hide its presence from potential malware and other system threats
None of the above
Record process creation, network connections, and file creation time data in the system background
Capture packets from network activity for later analysis
What forensics software enables an examiner to view data and preserve evidence integrity with accepted file types for use in the court of law?
Wireshark can decrypt IEEE 802.11 WLAN data and user-specified encryption keys?
In the Containment focus area, if data is being deleted, what is your first action?
Contact the System Owner
Back up system data
Capture volatile real-time data
Pull the power plug from the wall
In the forensics process, what are the four main data sources?