

What type of digital forensic artifact helps detect security incidents by providing logs from various sources?

  1. Indicators of compromise

  2. Network traffic analysis

  3. System snapshots

  4. File integrity checks

The correct answer is: Indicators of compromise

Indicators of compromise (IOCs) are critical in digital forensics and incident response because they provide valuable information about potential security incidents. IOCs encompass data points such as logs, hashes, IP addresses, URLs, and file names that help identify malicious activity or breaches within a system.

When analyzing security events, IOCs assist forensic investigators in determining whether a system has been compromised by correlating evidence from different log sources. These logs may come from firewalls, intrusion detection systems, antivirus software, or operating system logs, providing a comprehensive picture of the security posture and of any unusual behavior that might indicate a security incident. Using IOCs enables teams to respond effectively, since they can match these indicators against the collected log data to discover signs of unauthorized access or malware presence. This proactive approach enhances security monitoring and incident detection capabilities.

In contrast, network traffic analysis typically focuses on real-time data movement and anomalies rather than on pre-established indicators. System snapshots provide a static view of a system at a specific point in time, which is useful for recovery but lacks the dynamic insight that logs provide. File integrity checks focus on changes to files rather than on the broader context of system behavior and events. Thus, indicators of compromise serve a more foundational role in