Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

CompTIA Exam CAS-004 Topic 1 Question 48 Discussion

Actual exam question for CompTIA's CAS-004 exam
Question #: 48
Topic #: 1
[All CAS-004 Questions]

A forensics investigator is analyzing an executable file extracted from storage media that was submitted (or evidence The investigator must use a tool that can identify whether the executable has indicators, which may point to the creator of the file Which of the following should the investigator use while preserving evidence integrity?

Show Suggested Answer Hide Answer
Suggested Answer: D

ssdeep is a tool that computes and matches Context Triggered Piecewise Hashing (CTPH), also known as fuzzy hashing. It can be used to identify similar files or slight variations of the same file, which may point to the creator of the file if certain patterns or markers are consistently present. This method allows for integrity checking without altering the evidence, which is critical in forensic investigation.


by Portia at Apr 23, 2024, 06:48 PM

Limited Time Offer

25%

Off

Get Premium CAS-004 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Kerrie
11 months ago
That's a good point, ssdeep could provide valuable insight in this investigation.
upvoted 0 times
...
Shalon
11 months ago
I would personally go with ssdeep, as it can help in identifying similar files and determine if the executable has been altered.
upvoted 0 times
...
Amos
12 months ago
I agree with SHA-3 is a secure hashing algorithm that would be useful in this case.
upvoted 0 times
...
Kerrie
12 months ago
I think the investigator should use SHA-3 for preserving evidence integrity.
upvoted 0 times
...
Lettie
1 years ago
ssdeep could also be useful for identifying indicators in the executable file.
upvoted 0 times
...
Dean
1 years ago
What about using ssdeep? Would that be helpful in this case?
upvoted 0 times
...
Mattie
1 years ago
I think SHA-3 would be a good choice to maintain evidence integrity.
upvoted 0 times
...
Lettie
1 years ago
Should we use SHA-3 for analyzing the executable file?
upvoted 0 times
Mira
1 years ago
B) bcrypt might not be the best option for this specific scenario.
upvoted 0 times
...
Alaine
1 years ago
We should consider using a combination of different tools to ensure accuracy.
upvoted 0 times
...
Shenika
1 years ago
A) idd could also provide valuable insights during the analysis.
upvoted 0 times
...
Xochitl
1 years ago
I think using multiple tools would be beneficial in this case.
upvoted 0 times
...
Glenn
1 years ago
D) ssdeep is another tool that can help in identifying creator indicators.
upvoted 0 times
...
Barrie
1 years ago
E) dcfldd can also be used to analyze the executable file.
upvoted 0 times
...
Fallon
1 years ago
C) SHA-3 is a good option for preserving evidence integrity.
upvoted 0 times
...
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77