312-49v11 Exam Question 96

On the heels of a massive coordinated cyberattack, a multinational corporation called upon the services of veteran forensic investigator, Lisa. The attack infiltrated their MSSQL servers, and Lisa suspected the breach was a result of a sophisticated SQL Injection method that was executed from multiple sources and locations simultaneously. To determine the attack ' s origin, Lisa needs to not only collect but also examine the evidence files on the MSSQL server. To cope with the breach ' s scale and sophistication, which tool should Lisa rely on?
  • 312-49v11 Exam Question 97

    During a forensic investigation, the team is responsible for ensuring that the forensic laboratory remains secure. As part of the security protocols, the lab has implemented a system to record all visitors, including details such as name, address, time of visit, and the purpose of the visit. This helps maintain an accurate record of admittance and ensures that only authorized personnel can enter the facility. Which of the following considerations is being followed to maintain this level of security in the lab?
  • 312-49v11 Exam Question 98

    During a forensic investigation, an examiner is analyzing a suspect ' s Windows machine and needs to locate the Windows shortcut files (LNK files) that might provide information about recently opened files. Which directory location should the examiner examine to find these LNK files?
  • 312-49v11 Exam Question 99

    Tom, a digital forensics investigator, is assigned to investigate a potential insider threat at a company. He arrives at the scene to find that a workstation has been compromised. The suspect, a former employee, allegedly used a malicious USB device to access sensitive files before being caught. Tom quickly begins his investigation, and after isolating the workstation from the network, he powers up the system in a controlled environment. His first task is to collect data stored in the system ' s memory, including active processes, network connections, and clipboard content. Tom knows that this type of data can provide critical information about the actions of the suspect during the time of the attack. Why is Tom prioritizing this data over other types of evidence in this case?
  • 312-49v11 Exam Question 100

    During a routine digital investigation, forensic analysts suspect that sensitive information may be hidden within seemingly innocuous files. Despite extensive scanning and analysis, they are unable to detect any abnormalities using conventional surveillance techniques.
    What technique might attackers use to hide sensitive information within seemingly normal files, making it difficult for forensic investigators to detect?