U.S. Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Eccouncil 312-49v11 Exam - Topic 5 Question 6 Discussion

During a forensic investigation of a compromised system, the investigator is analyzing various forensic artifacts to determine the nature and scope of the attack. The investigator is specifically looking for information related to failed sign-in attempts, security policy changes, alerts from intrusion detection systems, and unusual application malfunctions.Which type of forensic artifact is most likely to contain this critical information?
D) Log file anomalies that provide detailed records of events and errors on the device.
A) Cryptographic artifacts that store information about encryption and decryption operations.
B) Browser artifacts that track user browsing history and website interactions.
C) Process and memory artifacts that contain information about running processes and system memory.

Eccouncil 312-49v11 Exam - Topic 5 Question 6 Discussion

Actual exam question for Eccouncil's 312-49v11 exam
Question #: 6
Topic #: 5
[All 312-49v11 Questions]

During a forensic investigation of a compromised system, the investigator is analyzing various forensic artifacts to determine the nature and scope of the attack. The investigator is specifically looking for information related to failed sign-in attempts, security policy changes, alerts from intrusion detection systems, and unusual application malfunctions.

Which type of forensic artifact is most likely to contain this critical information?

Show Suggested Answer Hide Answer
Suggested Answer: D

This question aligns directly with CHFI v11 objectives under Computer Forensics Fundamentals and Log Analysis. Log files are among the most critical forensic artifacts because they provide a chronological and authoritative record of system, security, and application events. CHFI v11 emphasizes that logs are essential for reconstructing attack timelines, identifying unauthorized access attempts, and determining the scope of a compromise.

Artifacts such as failed sign-in attempts, security policy modifications, IDS alerts, and application errors are routinely recorded in log sources including Windows Security logs, system logs, application logs, firewall logs, and IDS/IPS logs. These logs allow investigators to correlate events across systems, identify brute-force attacks, detect privilege escalation, and recognize abnormal behavior caused by malware or misconfiguration.

Cryptographic artifacts focus on key usage and encryption operations, browser artifacts relate to user web activity, and process or memory artifacts provide insight into live execution states---but none provide the comprehensive, event-based historical visibility required to answer all aspects of the question. CHFI v11 highlights log analysis as the primary method for understanding what happened, when it happened, how it happened, and who was involved. Therefore, log file anomalies are the most relevant and reliable forensic artifacts in this scenario.


Contribute your Thoughts:

0/2000 characters
Latonia
9 hours ago
Wow, I didn't realize log files were that crucial!
upvoted 0 times
...
Natalie
2 months ago
Not sure about that, D seems way more relevant.
upvoted 0 times
...
Alayna
2 months ago
I think C) Process and memory artifacts could also be useful.
upvoted 0 times
...
Florinda
2 months ago
Definitely D) Log file anomalies, they hold all the event records.
upvoted 0 times
...
Onita
2 months ago
A is irrelevant here, we need to focus on logs and processes.
upvoted 0 times
...
Carrol
2 months ago
I’m surprised they didn’t mention network traffic logs, those are crucial too!
upvoted 0 times
...
Tasia
2 months ago
Wait, are we really ignoring B? Browsing history can show a lot!
upvoted 0 times
...
Felton
3 months ago
I think C could also have some useful info, but D is stronger.
upvoted 0 times
...
Shala
3 months ago
Definitely D, log file anomalies are key for this.
upvoted 0 times
...
German
3 months ago
I’m a bit confused; I thought browser artifacts might have some useful info too, but I guess they’re more about user activity rather than security events.
upvoted 0 times
...
Luis
3 months ago
I practiced a question similar to this, and I believe log files are crucial for understanding the scope of an attack. They often contain the most relevant data.
upvoted 0 times
...
Amie
3 months ago
I'm not entirely sure, but I remember something about process and memory artifacts being useful for tracking running applications. Could they also show security alerts?
upvoted 0 times
...
Judy
3 months ago
I think log file anomalies might be the right choice since they usually record events and errors, which could include failed sign-ins and security changes.
upvoted 0 times
...

Save Cancel