312-49v11 Exam Question 51

As a forensic investigator, you're looking into a case of industrial espionage at a manufacturing company. An insider is suspected of stealing proprietary CAD designs. The suspect ' s computer, which runs on a Windows OS, has been isolated. The company's IT team accidentally shut down the computer, which may have resulted in the loss of volatile data. In this context, what would be the best way to proceed with non-volatile data acquisition?
  • 312-49v11 Exam Question 52

    During a cybersecurity investigation, logs from a Cisco switch, VPN, and DNS server are collected.
    These logs contain valuable information about network activities and potential security breaches.
    In digital forensics, what role do Cisco switch, VPN, and DNS server logs play when analyzing network incidents?
  • 312-49v11 Exam Question 53

    During a forensic investigation into suspicious activities within an organization ' s AWS environment, the investigator uses Amazon CloudWatch to adjust the storage duration of specific log data sets. This action is crucial for managing the lifespan of logs and ensuring that critical logs are preserved for further analysis during the investigation. Which feature of Amazon CloudWatch is the investigator using in this scenario?
  • 312-49v11 Exam Question 54

    Following a forensics investigation, an organization is focused on implementing a comprehensive set of policies and procedures to effectively safeguard electronic data across its systems and networks. These policies are designed to ensure compliance with applicable legal, regulatory, and operational standards while also safeguarding the integrity of the data for future audits, investigations, or legal proceedings. This stage aims to establish clear guidelines for data retention, management of access, and long-term preservation.
    Which stage of the Electronic Discovery Reference Model (EDRM) cycle does this activity correspond to?
  • 312-49v11 Exam Question 55

    Camila, a forensic investigator, is working on a Linux machine that has been suspected of running malicious software. She wants to analyze the interactions between the running processes and the kernel, as these interactions could provide important clues about the behavior of the malware. To track the system calls made by the processes, she decides to use a tool that can intercept and record these system calls in real-time. Which tool should Camila use to monitor the system calls generated by processes on the system?