Certified Information Systems Security Professional (CISSP) — Question 347

The Industrial Control System (ICS) Computer Emergency Response Team (CERT) has released an alert regarding ICS-focused malware specifically propagating through Windows-based business networks. Technicians at a local water utility note that their dams, canals, and locks controlled by an internal Supervisory
Control and Data Acquisition (SCADA) system have been malfunctioning. A digital forensics professional is consulted in the Incident Response (IR) and recovery.
Which of the following is the MOST challenging aspect of this investigation?

Answer options

• A. Group policy implementation
• B. SCADA network latency
• C. Physical access to the system
• D. Volatility of data

Correct answer: D

Explanation

The correct answer is D because volatile data, which can be lost easily when systems are powered down or reset, poses a significant challenge in forensic investigations. Options A, B, and C, while potentially problematic, do not present the same immediate risk to the integrity of the evidence as the volatility of data does.