Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

CompTIA Exam CAS-004 Topic 1 Question 52 Discussion

Actual exam question for CompTIA's CAS-004 exam
Question #: 52
Topic #: 1
[All CAS-004 Questions]

A forensics investigator is analyzing an executable file extracted from storage media that was submitted (or evidence The investigator must use a tool that can identify whether the executable has indicators, which may point to the creator of the file Which of the following should the investigator use while preserving evidence integrity?

Show Suggested Answer Hide Answer
Suggested Answer: D

ssdeep is a tool that computes and matches Context Triggered Piecewise Hashing (CTPH), also known as fuzzy hashing. It can be used to identify similar files or slight variations of the same file, which may point to the creator of the file if certain patterns or markers are consistently present. This method allows for integrity checking without altering the evidence, which is critical in forensic investigation.


Contribute your Thoughts:

Pedro
6 months ago
I agree with Dacia, SHA-3 is a secure hashing algorithm that can help preserve evidence integrity.
upvoted 0 times
...
Phil
6 months ago
Haha, I bet the answer is D. ssdeep is the tool that sounds the most like a superhero sidekick. How can you not choose that one?
upvoted 0 times
Kenneth
5 months ago
I'm going with D. ssdeep does sound like a superhero sidekick!
upvoted 0 times
...
Jill
5 months ago
I disagree, I believe the answer is A. idd is commonly used for digital forensics.
upvoted 0 times
...
Yuriko
5 months ago
I think the answer is C. SHA-3 is a secure hash algorithm.
upvoted 0 times
...
...
Dacia
6 months ago
I think the investigator should use SHA-3.
upvoted 0 times
...
Sherell
6 months ago
Gotta be D, ssdeep. Can't go wrong with a tool that's specially designed for forensics investigations, right?
upvoted 0 times
...
Youlanda
6 months ago
D for sure. ssdeep is the way to go when you need to analyze executable files and not mess up the evidence.
upvoted 0 times
...
Carmen
6 months ago
Hmm, I think the answer is D. ssdeep seems like the right tool for identifying file signatures and preserving evidence integrity.
upvoted 0 times
Carlton
5 months ago
Yes, ssdeep can definitely help preserve evidence integrity in this case.
upvoted 0 times
...
Dorothea
6 months ago
I've heard that bcrypt is commonly used for hashing passwords, not sure if it's the best choice for this scenario.
upvoted 0 times
...
Rosenda
6 months ago
I think SHA-3 could also be a good option for preserving evidence integrity.
upvoted 0 times
...
Dean
6 months ago
I agree, ssdeep is a great tool for identifying file signatures.
upvoted 0 times
...
Leatha
6 months ago
Yes, ssdeep can definitely help in preserving evidence integrity.
upvoted 0 times
...
Elenora
6 months ago
I agree, ssdeep is a great tool for identifying file signatures.
upvoted 0 times
...
Glenn
6 months ago
I agree, ssdeep is a great tool for identifying file signatures.
upvoted 0 times
...
Selma
6 months ago
Yes, ssdeep can definitely help in preserving evidence integrity.
upvoted 0 times
...
Daniela
6 months ago
I agree, ssdeep is a great tool for identifying file signatures.
upvoted 0 times
...
...

Save Cancel