Which term refers to the process of gathering evidence and identifying methods used in an incident or attack?

Study for the Network Security Instructional Terminology Test. Enhance your knowledge with multiple choice questions, each accompanied by hints and explanations. Ensure readiness for your exam!

Multiple Choice

Which term refers to the process of gathering evidence and identifying methods used in an incident or attack?

Explanation:
Forensic investigation is the process of gathering evidence and identifying methods used in an incident or attack. In security, this means collecting and preserving digital artifacts such as logs, disk images, memory dumps, and network captures, then analyzing them to reconstruct what happened, when it happened, and which tools or techniques the attacker employed. It also involves maintaining chain of custody so the evidence remains admissible, and following a structured workflow to map attacker TTPs (tactics, techniques, and procedures). This helps determine the attack vector, the affected systems, and the scope of the incident, and supports any legal or compliance needs. The other terms refer to people or software rather than the investigative process: a hacker is a person who breaks into systems, and grey-hat hackers and grayware describe individuals or software that fall into less clear ethical or functional categories.