Computer Hacking Forensic Investigator (CHFI) — Question 136
An executive has leaked the company's trade secrets through an external drive. What process should the investigation team follow if they are able to retrieve his system?
Answer options
- A. Postmortem Analysis
- B. Real-Time Analysis
- C. Packet Analysis
- D. Malware Analysis
Correct answer: A
Explanation
The correct answer is A, Postmortem Analysis, because it involves examining the system after an incident to understand what happened and how to prevent it in the future. Real-Time Analysis (B) focuses on monitoring live data, Packet Analysis (C) deals with inspecting data packets in transit, and Malware Analysis (D) is concerned with identifying and understanding malicious software. None of these is suitable for investigating past incidents.