Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

CompTIA Exam CAS-004 Topic 1 Question 48 Discussion

Actual exam question for CompTIA's CAS-004 exam
Question #: 48
Topic #: 1
[All CAS-004 Questions]

A forensics investigator is analyzing an executable file extracted from storage media that was submitted (or evidence The investigator must use a tool that can identify whether the executable has indicators, which may point to the creator of the file Which of the following should the investigator use while preserving evidence integrity?

Show Suggested Answer Hide Answer
Suggested Answer: D

ssdeep is a tool that computes and matches Context Triggered Piecewise Hashing (CTPH), also known as fuzzy hashing. It can be used to identify similar files or slight variations of the same file, which may point to the creator of the file if certain patterns or markers are consistently present. This method allows for integrity checking without altering the evidence, which is critical in forensic investigation.


by Portia at Apr 23, 2024, 06:48 PM

Limited Time Offer

25%

Off

Get Premium CAS-004 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Lettie
4 days ago
ssdeep could also be useful for identifying indicators in the executable file.
upvoted 0 times
...
Dean
5 days ago
What about using ssdeep? Would that be helpful in this case?
upvoted 0 times
...
Mattie
6 days ago
I think SHA-3 would be a good choice to maintain evidence integrity.
upvoted 0 times
...
Lettie
7 days ago
Should we use SHA-3 for analyzing the executable file?
upvoted 0 times
Glenn
2 hours ago
D) ssdeep is another tool that can help in identifying creator indicators.
upvoted 0 times
...
Barrie
1 days ago
E) dcfldd can also be used to analyze the executable file.
upvoted 0 times
...
Fallon
2 days ago
C) SHA-3 is a good option for preserving evidence integrity.
upvoted 0 times
...
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77