What is forensics in security and what basic evidence handling principles exist?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Study for the DSAC-11 Annex C Test with real-time quizzes and multiple-choice questions. Each question offers hints and explanations to enhance your preparedness. Boost your confidence and ensure success in your DSAC-11 Annex C exam!

Multiple Choice

What is forensics in security and what basic evidence handling principles exist?

Explanation:
Forensics in security is about investigating security incidents by collecting, preserving, and analyzing evidence to determine what happened and to support actions taken by an organization or in legal contexts. The key ideas in basic evidence handling are about keeping the evidence trustworthy and usable. First, establish a chain of custody so every person who handles the data is documented, including what was done, when, and by whom. This creates a verifiable trail that supports the integrity of the evidence. Next, avoid modifying the evidence; anything added or altered can ruin its credibility and legal value. Thorough documentation of every step taken during the investigation is essential so others can reproduce the work and understand how conclusions were reached. In digital investigations, this often involves making exact copies of data, using write blockers when accessing original storage, calculating and verifying cryptographic hashes, and storing copies securely with controlled access. These practices ensure the evidence remains as close as possible to its original state and remains admissible and reliable for any review or court case. Releasing evidence to the media is not part of proper evidence handling and can reveal sensitive information or jeopardize the investigation. Designing security controls and altering logs are separate activities that aren’t about preserving and presenting evidence forensically.

Forensics in security is about investigating security incidents by collecting, preserving, and analyzing evidence to determine what happened and to support actions taken by an organization or in legal contexts. The key ideas in basic evidence handling are about keeping the evidence trustworthy and usable.

First, establish a chain of custody so every person who handles the data is documented, including what was done, when, and by whom. This creates a verifiable trail that supports the integrity of the evidence. Next, avoid modifying the evidence; anything added or altered can ruin its credibility and legal value. Thorough documentation of every step taken during the investigation is essential so others can reproduce the work and understand how conclusions were reached. In digital investigations, this often involves making exact copies of data, using write blockers when accessing original storage, calculating and verifying cryptographic hashes, and storing copies securely with controlled access.

These practices ensure the evidence remains as close as possible to its original state and remains admissible and reliable for any review or court case. Releasing evidence to the media is not part of proper evidence handling and can reveal sensitive information or jeopardize the investigation. Designing security controls and altering logs are separate activities that aren’t about preserving and presenting evidence forensically.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy