CompTIA CySA+ (CS0-002) — Question 163
An online gaming company was impacted by a ransomware attack. An employee opened an attachment that was received via an SMS attack on a company-issued mobile device while connected to the network. Which of the following actions would help during the forensic analysis of the mobile device? (Choose two.)
Answer options
- A. Resetting the phone to factory settings
- B. Rebooting the phone and installing the latest security updates
- C. Documenting the respective chain of custody
- D. Uninstalling any potentially unwanted programs
- E. Performing a memory dump of the mobile device for analysis
- F. Unlocking the device by blowing the eFuse
Correct answer: C, E
Explanation
Option C, documenting the chain of custody, is essential to maintain the integrity of evidence during forensic analysis. Option E, performing a memory dump, allows investigators to capture volatile data, which could contain critical information about the ransomware attack. The other options either compromise evidence or do not provide useful data for analysis.