CFR-410 Questions Bank

Dealing with systems that are suspected to be used to commit a crime: Incident response involves addressing systems that may be involved in criminal activity, helping to contain and investigate the incident.

Collecting data from computer media: This is a key part of the evidence-gathering phase of incident response, where forensic data is collected to understand the extent of the incident.

Dealing with systems suspected to be the victim of a crime: Incident response includes handling systems that are compromised or victims of a crime to prevent further damage and to restore security.

Volatility is a powerful memory forensics tool used to analyze a system's physical memory (RAM). It allows investigators to extract valuable information from memory dumps, such as running processes, network connections, and other artifacts that are crucial in a digital forensics investigation.

The full weekly backup with daily incremental backups strategy results in the shortest backup time during weekdays and uses the least amount of storage space because it only backs up data that has changed since the last backup. However, the restore time can be longer because multiple incremental backups need to be restored in sequence before the most recent data can be recovered.

In Linux, log entries for auditd (the audit daemon) are written to /var/log/audit/audit.log. This file contains detailed information about system activity, including security-related events, which is essential for auditing and monitoring purposes.