
CompTIA Exam CAS-004 Topic 1 Question 48 Discussion

Actual exam question for CompTIA's CAS-004 exam
Question #: 48
Topic #: 1

A forensics investigator is analyzing an executable file extracted from storage media that was submitted for evidence. The investigator must use a tool that can identify whether the executable has indicators that may point to the creator of the file. Which of the following should the investigator use while preserving evidence integrity?

Suggested Answer: D

ssdeep is a tool that computes and matches Context Triggered Piecewise Hashes (CTPH), also known as fuzzy hashes. It can be used to identify similar files or slight variations of the same file, which may point to the creator of the file if certain patterns or markers are consistently present. This method allows for integrity checking without altering the evidence, which is critical in forensic investigations.
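
To make the contrast in the explanation above concrete, here is an added Python example (not part of the original page, and not ssdeep's real algorithm or output format): a simplified context-triggered piecewise hash set beside SHA3-256 on constructed sample data. The window size, trigger rule, `compare` scorer and the sample "files" are assumptions chosen for illustration.

```python
import hashlib
import random
from difflib import SequenceMatcher

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
WINDOW = 7  # bytes covered by the rolling sum (assumed value)
FNV_INIT, FNV_PRIME = 0x811C9DC5, 0x01000193

def ctph(data: bytes, block_size: int = 64) -> str:
    """Simplified CTPH signature: one character per content-defined piece."""
    sig, piece, roll = [], FNV_INIT, 0
    for i, byte in enumerate(data):
        # FNV-1a style hash of the piece currently being read
        piece = ((piece ^ byte) * FNV_PRIME) & 0xFFFFFFFF
        # rolling sum over the last WINDOW bytes only
        roll += byte - (data[i - WINDOW] if i >= WINDOW else 0)
        if roll % block_size == block_size - 1:  # context trigger: close the piece
            sig.append(B64[piece % 64])
            piece = FNV_INIT
    sig.append(B64[piece % 64])  # trailing piece
    return "".join(sig)

def compare(a: bytes, b: bytes) -> int:
    """0-100 similarity of two inputs' signatures (not ssdeep's own scorer)."""
    matcher = SequenceMatcher(None, ctph(a), ctph(b), autojunk=False)
    return round(100 * matcher.ratio())

def sample_files():
    """Constructed stand-ins: a 4 KiB 'executable', a patched copy, unrelated data."""
    rng = random.Random(2024)
    original = bytes(rng.getrandbits(8) for _ in range(4096))
    variant = bytearray(original)
    variant[2000:2004] = bytes(b ^ 0xFF for b in original[2000:2004])  # 4-byte patch
    unrelated = bytes(rng.getrandbits(8) for _ in range(4096))
    return original, bytes(variant), unrelated

if __name__ == "__main__":
    original, variant, unrelated = sample_files()
    for name, blob in (("original", original), ("variant", variant)):
        # SHA3-256 prefixes share nothing; the fuzzy signatures differ in a few characters
        print(name, hashlib.sha3_256(blob).hexdigest()[:16], ctph(blob))
    print("original vs variant  :", compare(original, variant))
    print("original vs unrelated:", compare(original, unrelated))
```

Because the trigger depends only on the last few bytes, piece boundaries realign shortly after the patched region, so only the signature characters around the change differ. The SHA3-256 digest, by contrast, changes entirely, which is what makes it suitable for verifying that evidence is unmodified but not for finding related files.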


Contribute your Thoughts:

Kerrie
6 months ago
That's a good point, ssdeep could provide valuable insight in this investigation.
upvoted 0 times
...
Shalon
7 months ago
I would personally go with ssdeep, as it can help in identifying similar files and determine if the executable has been altered.
upvoted 0 times
...
Amos
7 months ago
I agree, SHA-3 is a secure hashing algorithm that would be useful in this case.
upvoted 0 times
...
Kerrie
7 months ago
I think the investigator should use SHA-3 for preserving evidence integrity.
upvoted 0 times
...
Lettie
8 months ago
ssdeep could also be useful for identifying indicators in the executable file.
upvoted 0 times
...
Dean
8 months ago
What about using ssdeep? Would that be helpful in this case?
upvoted 0 times
...
Mattie
8 months ago
I think SHA-3 would be a good choice to maintain evidence integrity.
upvoted 0 times
...
Lettie
8 months ago
Should we use SHA-3 for analyzing the executable file?
upvoted 0 times
Mira
7 months ago
B) bcrypt might not be the best option for this specific scenario.
upvoted 0 times
...
Alaine
7 months ago
We should consider using a combination of different tools to ensure accuracy.
upvoted 0 times
...
Shenika
8 months ago
A) idd could also provide valuable insights during the analysis.
upvoted 0 times
...
Xochitl
8 months ago
I think using multiple tools would be beneficial in this case.
upvoted 0 times
...
Glenn
8 months ago
D) ssdeep is another tool that can help in identifying creator indicators.
upvoted 0 times
...
Barrie
8 months ago
E) dcfldd can also be used to analyze the executable file.
upvoted 0 times
...
Fallon
8 months ago
C) SHA-3 is a good option for preserving evidence integrity.
upvoted 0 times
...
...
