PrepAway - Latest Free Exam Questions & Answers

which of the following actions would MOST likely result in the destruction or corruption of evidence on a comp

During the collection of forensic evidence, which of the following actions would MOST likely result
in the destruction or corruption of evidence on a compromised system?

PrepAway - Latest Free Exam Questions & Answers

A.
Dumping the memory content to a file

B.
Generating disk images of the compromised system

C.
Rebooting the system

D.
Removing the system from the network

Explanation:

Rebooting the system may result in a change in the system state and the loss of files and
important evidence stored in memory. The other choices are appropriate actions for preserving
evidence.


Leave a Reply