Computer Hacking Forensic Investigator (CHFI v10) — Question 518

An executive has leaked the company trade secrets through an external drive. What process should the investigation team take if they could retrieve his system?

Answer options

• A. Postmortem Analysis
• B. Real-Time Analysis
• C. Packet Analysis
• D. Malware Analysis

Correct answer: A

Explanation

The correct answer is A, Postmortem Analysis, as this involves examining the system after an event has occurred to understand what happened and how it can be prevented in the future. The other options, such as Real-Time Analysis, focus on monitoring ongoing activity, while Packet and Malware Analysis are more specific to network traffic and malicious software, respectively, rather than the overall investigation of a data breach.