Certified Incident Handler (ECIH v3) — Question 46

To recover, analyze, and preserve computer and related materials in such a way that it can be presented as evidence in a court of law and identify the evidence in short time, estimate the potential impact of the malicious activity on the victim, and assess the intent and identity of the perpetrator is known as:

Answer options

• A. Computer Forensics
• B. Digital Forensic Analysis
• C. Forensic Readiness
• D. Digital Forensic Examiner

Correct answer: A

Explanation

The correct answer, Computer Forensics, specifically refers to the discipline that focuses on recovering and analyzing digital evidence for legal purposes. Digital Forensic Analysis, while related, is a subset of the larger field and does not encompass the full range of activities described. Forensic Readiness pertains to preparing an organization for potential investigations but does not involve the actual recovery of evidence. Digital Forensic Examiner refers to the role of a professional in the field, rather than the discipline itself.