Which of the following procedures should the administrator perform FIRST on the system?

An intrusion has occurred in an internet-facing system. The security administrator would like to
gather forensic evidence while the system is still in operation. Which of the following procedures
should the administrator perform FIRST on the system?

A. Make a drive image

B. Take hashes of system data

C. Collect information in RAM

D. Capture network traffic




Anon

C.

In accordance with the order of volatility.

Curly

gather forensic evidence while the system is still in operation
Network traffic is still in operation
answer D: