Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CompTIA Exam CAS-004 Topic 1 Question 48 Discussion

Actual exam question for CompTIA's CAS-004 exam
Question #: 48
Topic #: 1
[All CAS-004 Questions]

A forensics investigator is analyzing an executable file extracted from storage media that was submitted (or evidence The investigator must use a tool that can identify whether the executable has indicators, which may point to the creator of the file Which of the following should the investigator use while preserving evidence integrity?

Show Suggested Answer Hide Answer
Suggested Answer: D

ssdeep is a tool that computes and matches Context Triggered Piecewise Hashing (CTPH), also known as fuzzy hashing. It can be used to identify similar files or slight variations of the same file, which may point to the creator of the file if certain patterns or markers are consistently present. This method allows for integrity checking without altering the evidence, which is critical in forensic investigation.


by Portia at Apr 23, 2024, 06:48 PM

Limited Time Offer

25%

Off

Get Premium CAS-004 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Kerrie
10 months ago
That's a good point, ssdeep could provide valuable insight in this investigation.
upvoted 0 times
...
Shalon
11 months ago
I would personally go with ssdeep, as it can help in identifying similar files and determine if the executable has been altered.
upvoted 0 times
...
Amos
11 months ago
I agree with SHA-3 is a secure hashing algorithm that would be useful in this case.
upvoted 0 times
...
Kerrie
11 months ago
I think the investigator should use SHA-3 for preserving evidence integrity.
upvoted 0 times
...
Lettie
12 months ago
ssdeep could also be useful for identifying indicators in the executable file.
upvoted 0 times
...
Dean
12 months ago
What about using ssdeep? Would that be helpful in this case?
upvoted 0 times
...
Mattie
12 months ago
I think SHA-3 would be a good choice to maintain evidence integrity.
upvoted 0 times
...
Lettie
12 months ago
Should we use SHA-3 for analyzing the executable file?
upvoted 0 times
Mira
11 months ago
B) bcrypt might not be the best option for this specific scenario.
upvoted 0 times
...
Alaine
12 months ago
We should consider using a combination of different tools to ensure accuracy.
upvoted 0 times
...
Shenika
12 months ago
A) idd could also provide valuable insights during the analysis.
upvoted 0 times
...
Xochitl
12 months ago
I think using multiple tools would be beneficial in this case.
upvoted 0 times
...
Glenn
12 months ago
D) ssdeep is another tool that can help in identifying creator indicators.
upvoted 0 times
...
Barrie
12 months ago
E) dcfldd can also be used to analyze the executable file.
upvoted 0 times
...
Fallon
12 months ago
C) SHA-3 is a good option for preserving evidence integrity.
upvoted 0 times
...
...

Save Cancel