PrepAway - Latest Free Exam Questions & Answers

Which of the following is the MOST likely reason why th…

The incident response team has received the following email message.
From: monitor@ext-company.com
To: security@company.com
Subject: Copyright infringement
A copyright infringement alert was triggered by IP address 13.10.66.5 at 09: 50: 01 GMT.
After reviewing the following web logs for IP 13.10.66.5, the team is unable to correlate and identify the incident.
09: 45: 33 13.10.66.5 http: //remote.site.com/login.asp?user=john
09: 50: 22 13.10.66.5 http: //remote.site.com/logout.asp?user=anne
10: 50: 01 13.10.66.5 http: //remote.site.com/access.asp?file=movie.mov
11: 02: 45 13.10.65.5 http: //remote.site.com/download.asp?movie.mov=ok
Which of the following is the MOST likely reason why the incident response team is unable to identify and
correlate the incident?

PrepAway - Latest Free Exam Questions & Answers

A.
The logs are corrupt and no longer forensically sound.

B.
Traffic logs for the incident are unavailable.

C.
Chain of custody was not properly maintained.

D.
Incident time offsets were not accounted for.

Explanation:
It is quite common for workstation times to be off slightly from actual time, and that can happen with servers as
well. Since a forensic investigation is usually dependent on a step-by-step account of what has happened,
being able to follow events in the correct time sequence is critical. Because of this, it is imperative to record the
time offset on each affected machine during the investigation. One method of assisting with this is to add an
entry to a log file and note the time that this was done and the time associated with it on the system.

PrepAway - Latest Free Exam Questions & Answers

Leave a Reply