ECIH 212-89 Syllabus Exam Questions Answers

Anti-forensics techniques are designed to prevent, mislead, or interfere with the incident handling process, affecting the collection, preservation, and identification phases of the forensic investigation process. These techniques include methods to erase, encrypt, or alter information, make data recovery difficult, hide data (e.g., steganography), or otherwise obstruct forensic analysis and investigation efforts. Anti-forensics can significantly challenge the efforts of incident responders and forensic investigators in establishing the facts of a security incident or crime.References:The Incident Handler (ECIH v3) courses and study guides discuss various challenges in digital forensics, including anti-forensics methods and their impact on the effectiveness of forensic investigations.

Top of Form

In the context of digital evidence investigation, volatility refers to how quickly data can change or be lost when power is removed or systems are altered. Among the options provided, cache is the most volatile because it is temporary storage that is designed to speed up access to data and is frequently overwritten. Cache data resides in RAM and includes things like memory buffers, system and network information, and process execution data, which are lost upon reboot or power loss. This contrasts with disks, emails, and temp files, which are considered less volatile because they are stored on permanent or semi-permanent media and are less likely to be immediately lost or overwritten.References:The Incident Handler (ECIH v3) curriculum includes principles of digital evidence handling, which emphasizes the importance of collecting evidence in descending order of volatility to ensure that the most ephemeral data is preserved before it's lost.

Netcraft is a tool that provides internet security services, including the detection of phishing and spam emails. It offers a range of services that can help organizations identify fraudulent websites and phishing activities by analyzing web content and email messages for known phishing signatures and heuristics. This makes it a useful tool for incident handlers like Francis, who is tasked with detecting phishing and spam emails for clientorganizations. Other options listed, such as Nessus (a vulnerability scanner), BTCrack (a Bluetooth pin and link-key cracker), and Cain and Abel (a password recovery tool), do not specialize in detecting phishing or spam emails but serve different purposes in cybersecurity.References:The Incident Handler (ECIH v3) curriculum includes discussions on tools and methodologies for detecting and mitigating various cyber threats, including phishing and spam, highlighting tools like Netcraft for their utility in these areas.

Incident triage is the stage in the incident response process where the incident handler, like Mike, performs an initial assessment of the reported incident to determine its validity, severity, and potential impact. This includes analyzing the incident to verify if it is a genuine threat or a false positive. The purpose of incident triage is to prioritize incidents based on their criticality and ensure that resources are allocated effectively to address the most serious threats first. This stage is crucial for efficient incident management, as it helps in filtering out false alarms and focusing on real security incidents that require immediate attention.References:The ECIH v3 curriculum covers the incident response lifecycle, including the importance of incident triage as a key step in ensuring that incident handling efforts are focused on genuine security incidents, thereby optimizing the response process.