Q: 6
[Introduction to Incident Handling and Response]
Which of the following techniques prevent or mislead the incident-handling process and may also affect the collection, preservation, and identification phases of the forensic investigation process?
Options
Discussion
D. Saw this in a similar exam question before. Anti-forensics directly targets the IR and forensic phases.
If we're being precise, D is right unless the context was asking about accidental interference, which isn't implied. D
I don't think C fits here. Anti-forensics (D) is all about deliberately stopping or confusing the response and forensic process, like erasing traces or corrupting logs. The others (scanning, footprinting, enumeration) are just info gathering steps, not designed to mislead investigators. Pretty sure D is right but I get why C might look tempting if you're thinking about indirect effects. Anyone disagree?
Why wouldn't D be the best choice? The others are just info gathering, not really interfering with forensic phases.
D imo. None of the other options actually disrupt the response or forensics process, they're just about gathering info. Anti-forensics is designed to mess with evidence collection and preservation. If I'm missing something let me know.
D
It's D here. None of the others directly interfere with evidence handling like anti-forensics does. Pretty sure that's what the exam wants.
B tbh. Footprinting might mess with forensics since it’s info gathering and could cover tracks, right? Not totally sure but scanning/enumeration don’t seem as impactful. Let me know if I’m missing something obvious here.
D, this pops up in a lot of exam reports under anti-forensics so not really a trick question here.
Probably D. Scanning, footprinting and enumeration are all recon techniques, but only D (anti-forensics) is meant to mess with collection and preservation in forensics. A common trap is picking A or B just because they're attack phases.