A cybersecurity analyst has been called to a crime scene that contains several technology items including a computer. Which technique will be used so that the information found on the computer can be used in court?

A cybersecurity analyst has been called to a crime scene that contains several technology items including a computer. Which technique will be used so that the information found on the computer can be used in court?

• Tor
• rootkit
• unaltered disk image
• log collection

Explanation: A normal file copy does not recover all data on a storage device so an unaltered disk image is commonly made. An unaltered disk image preserves the original evidence, thus preventing inadvertent alteration during the discovery phase. It also allows recreation of the original evidence.

Exam with this question: Checkpoint Exam: Analyzing Security Data Group Exam
Exam with this question: CCNA SECOPS 210-255 Dumps – Certification Practice Exam Answers
More Questions: CyberOps Associate (Version 1.0) - CyberOps Associate (200-201) Certification Practice Exam
Exam with this question: Checkpoint Exam: Incident Response Answers