Exam CAS-004 topic 1 question 308 discussion

Actual exam question from CompTIA's CAS-004
Question #: 308
Topic #: 1

A forensic investigator started the process of gathering evidence on a laptop in response to an incident. The investigator took a snapshot of the hard drive, copied relevant log files, and then performed a memory dump. Which of the following steps in the process should have occurred FIRST?

  • A. Preserve secure storage.
  • B. Clone the disk.
  • C. Collect the most volatile data.
  • D. Copy the relevant log files.
Suggested Answer: C

Comments

ElDirec
9 months, 1 week ago
Selected Answer: C
The first step in the process should have been C. Collect the most volatile data. In digital forensics, the order of volatility (OOV) is a concept that guides the process of evidence gathering. According to this concept, data that is most likely to change or be lost should be collected first. In the context of a computer system, the most volatile data is typically in the system’s memory (RAM), which is lost when the system is powered off or restarted. Therefore, a memory dump should be one of the first steps in a forensic investigation.
upvoted 2 times
...
CraZee
9 months, 2 weeks ago
Selected Answer: C
ChatGPT 3.5 and I concur...answer is C
upvoted 1 times
...
CXSSP
1 year, 1 month ago
Selected Answer: C
C. Collect the most volatile data. When conducting a forensic investigation in response to an incident, the first step should be to collect the most volatile data. Volatile data is information that resides in temporary storage and is lost when the system is powered off or restarted. This data is highly valuable for investigations because it can provide insights into active processes, network connections, and other critical information about the state of the system at the time of the incident.
upvoted 1 times
...
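An added example, not part of the original discussion or any commenter's post: the script below audits an evidence-acquisition log against the order of volatility and flags any source collected after a less volatile one. The tier table, the log line format (`timestamp source description`) and the sample timestamps are assumptions constructed for this illustration; the three steps mirror the scenario in the question.

```python
from datetime import datetime

# Simplified order-of-volatility tiers (lower = more volatile, collect earlier).
# Tier names and numbers are assumptions made for this example.
VOLATILITY = {
    "cpu_cache": 0,
    "memory": 1,
    "network_state": 1,
    "temp_files": 2,
    "disk": 3,
    "local_logs": 3,
    "remote_logs": 4,
    "archival_media": 5,
}

# Constructed acquisition log mirroring the question's scenario.
SAMPLE_LOG = """\
2024-01-10T09:02:11 disk hard drive snapshot
2024-01-10T09:47:30 local_logs copied relevant log files
2024-01-10T10:05:02 memory memory dump
"""

def parse_log(text):
    """Parse 'timestamp source description' lines into time-ordered steps."""
    steps = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, source, desc = line.split(maxsplit=2)
        if source not in VOLATILITY:
            raise ValueError(f"unknown evidence source: {source}")
        steps.append((datetime.fromisoformat(stamp), source, desc))
    return sorted(steps, key=lambda s: s[0])

def audit(steps):
    """Return (late_step, earlier_step) pairs where a more volatile source
    was collected after a less volatile one."""
    findings = []
    least_volatile = None  # (rank, description) of least volatile source so far
    for _, source, desc in steps:
        rank = VOLATILITY[source]
        if least_volatile and rank < least_volatile[0]:
            findings.append((desc, least_volatile[1]))
        if least_volatile is None or rank > least_volatile[0]:
            least_volatile = (rank, desc)
    return findings

def recommended_order(steps):
    """Stable sort of the same steps, most volatile first."""
    return [d for _, s, d in sorted(steps, key=lambda x: VOLATILITY[x[1]])]
```

Run against `SAMPLE_LOG`, `audit` reports the memory dump as collected too late, and `recommended_order` moves it ahead of the disk snapshot and log copy.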