312-49v11 Exam Question 36

In a financial institution ' s computer forensic investigation, suspicious activity reveals unauthorized access to GLBA (Gramm-Leach-Bliley Act)-protected customer data, raising concerns for customer safety. However, identifying the breach ' s source and extent poses significant challenges, complicating compliance with GLBA guidelines.
What steps should be taken in a GLBA-covered computer forensic investigation when unauthorized access to sensitive customer data is discovered?
  • 312-49v11 Exam Question 37

    An investigator is reviewing an NTFS file system for evidence of file activity during a cybercrime investigation. The investigator uses The Sleuth Kit'sflsandmactimetools to extract and analyze timestamps related to file actions. These timestamps can provide critical insights into the sequence of events leading up to and during the incident. What kind of file information is the investigator likely focusing on to reconstruct the timeline?
  • 312-49v11 Exam Question 38

    During a security audit of a web application, suspicious activity indicative of a directory traversal attack is detected in the server logs. The attack appears to exploit vulnerabilities to gain unauthorized access to sensitive files and directories.
    In digital forensics, what is the primary objective of investigating a directory traversal attack?
  • 312-49v11 Exam Question 39

    You are a forensic investigator working for a cybersecurity firm tasked with analyzing a suspicious Microsoft Office document named "infected_doc." The document was discovered in an email attachment sent to multiple employees at a large corporation. Concerns have been raised about potential malware embedded within the document, particularly involving VBA macros.
    As a forensic investigator examining the "infected_doc" Microsoft Office document, what initial step would you take to identify suspicious or malicious components within the file?
  • 312-49v11 Exam Question 40

    During a forensic investigation into a recent security incident within an organization, the investigator is tasked with documenting every action taken with the evidence to ensure proper chain of custody. The investigator carefully documents every action taken with the evidence in a logbook. The evidence is tagged with unique identifiers to prevent confusion. A detailed chain of custody record is also created to track the evidence's movement and handling throughout the investigation. Which investigation step is the investigator performing in this scenario?