Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CompTIA Exam CAS-004 Topic 1 Question 48 Discussion

Actual exam question for CompTIA's CAS-004 exam
Question #: 48
Topic #: 1
[All CAS-004 Questions]

A forensics investigator is analyzing an executable file extracted from storage media that was submitted (or evidence The investigator must use a tool that can identify whether the executable has indicators, which may point to the creator of the file Which of the following should the investigator use while preserving evidence integrity?

Show Suggested Answer Hide Answer
Suggested Answer: D

ssdeep is a tool that computes and matches Context Triggered Piecewise Hashing (CTPH), also known as fuzzy hashing. It can be used to identify similar files or slight variations of the same file, which may point to the creator of the file if certain patterns or markers are consistently present. This method allows for integrity checking without altering the evidence, which is critical in forensic investigation.


by Portia at Apr 23, 2024, 06:48 PM

Limited Time Offer

25%

Off

Get Premium CAS-004 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Kerrie
3 months ago
That's a good point, ssdeep could provide valuable insight in this investigation.
upvoted 0 times
...
Shalon
3 months ago
I would personally go with ssdeep, as it can help in identifying similar files and determine if the executable has been altered.
upvoted 0 times
...
Amos
4 months ago
I agree with SHA-3 is a secure hashing algorithm that would be useful in this case.
upvoted 0 times
...
Kerrie
4 months ago
I think the investigator should use SHA-3 for preserving evidence integrity.
upvoted 0 times
...
Lettie
4 months ago
ssdeep could also be useful for identifying indicators in the executable file.
upvoted 0 times
...
Dean
5 months ago
What about using ssdeep? Would that be helpful in this case?
upvoted 0 times
...
Mattie
5 months ago
I think SHA-3 would be a good choice to maintain evidence integrity.
upvoted 0 times
...
Lettie
5 months ago
Should we use SHA-3 for analyzing the executable file?
upvoted 0 times
Mira
4 months ago
B) bcrypt might not be the best option for this specific scenario.
upvoted 0 times
...
Alaine
4 months ago
We should consider using a combination of different tools to ensure accuracy.
upvoted 0 times
...
Shenika
4 months ago
A) idd could also provide valuable insights during the analysis.
upvoted 0 times
...
Xochitl
4 months ago
I think using multiple tools would be beneficial in this case.
upvoted 0 times
...
Glenn
4 months ago
D) ssdeep is another tool that can help in identifying creator indicators.
upvoted 0 times
...
Barrie
4 months ago
E) dcfldd can also be used to analyze the executable file.
upvoted 0 times
...
Fallon
4 months ago
C) SHA-3 is a good option for preserving evidence integrity.
upvoted 0 times
...
...

Save Cancel