New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

ISC2 ISSMP Exam - Topic 1 Question 15 Discussion

Actual exam question for ISC2's ISSMP exam
Question #: 15
Topic #: 1
[All ISSMP Questions]

Which of the following steps are generally followed in computer forensic examinations?

Each correct answer represents a complete solution. Choose three.

Show Suggested Answer Hide Answer
Suggested Answer: A, B, C

The following steps are generally followed in computer forensic examinations.

1.Acquire. In this step, the examiner gets an exact duplicate copy of the original data for investigation. The examiner leaves the original copy intact.

2.Authenticate. In this step, the investigator shows that the data is unchanged and has not been tampered.

3.Analyze. In this step, the examiner analyzes data carefully. The examiner recovers evidence by examining hard disk drives, hidden files, swap data, the Internet cache, and the Recycle bin.

Answer option D is incorrect. Encrypt is not a step followed in computer forensic examinations.


by Izetta at May 07, 2022, 05:03 PM

Limited Time Offer

25%

Off

Get Premium ISSMP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Dorothy
4 months ago
Really? I’m surprised those are the main steps!
upvoted 0 times
...
Laine
4 months ago
100% agree with A, B, and C!
upvoted 0 times
...
Keva
4 months ago
Wait, authenticate? Isn't that a bit tricky?
upvoted 0 times
...
Gary
4 months ago
I thought D was important too, but not for this.
upvoted 0 times
...
Tequila
5 months ago
Definitely A, B, and C!
upvoted 0 times
...
Carmen
5 months ago
"Encrypt" doesn't seem right to me; I don't remember it being part of the standard forensic process we practiced.
upvoted 0 times
...
Marci
5 months ago
I think "Authenticate" might be important as well, but I can't recall if it's one of the main steps we focused on in class.
upvoted 0 times
...
Leontine
5 months ago
I'm not entirely sure, but I feel like "Analyze" should be included too. It seems crucial for the examination process.
upvoted 0 times
...
Sherita
5 months ago
I remember we talked about the steps in computer forensics, and I think "Acquire" is definitely one of them.
upvoted 0 times
...
Darrel
5 months ago
This is a classic exam question - they're trying to trip us up with the wording. I'm pretty confident I know the right answer here, but I'll double-check the details just to be sure.
upvoted 0 times
...
Charolette
5 months ago
Process injection seems like the most likely answer here. That's a common technique for executing code while evading detection.
upvoted 0 times
...
Janella
5 months ago
I think the reverse proxy is the right answer since it directs incoming traffic to the appropriate application based on the request.
upvoted 0 times
...

Save Cancel