Which of the following tasks would ensure the key outputs from a penetration test are not lost as part of the cleanup and restoration activities?
Correct Answer: A
Preserving Artifacts:
Definition: Artifacts in penetration testing include all data and evidence collected during the test, such as logs, screenshots, exploit scripts, configuration files, and any other relevant information.
Importance: These artifacts are critical for reporting and post-assessment analysis. They serve as evidence of findings and support the conclusions and recommendations made in the penetration test report.
Other Tasks:
Reverting Configuration Changes: Important for restoring systems to their original state but does not directly ensure preservation of key outputs.
Keeping Chain of Custody: Ensures that evidence is handled properly, particularly in legal contexts, but is more relevant to forensic investigations.
Exporting Credential Data: Part of preserving artifacts, but preserving artifacts is a broader task that encompasses more than just credential data.
Pentest Reference:
Reporting: Comprehensive documentation and reporting of findings are crucial parts of penetration testing.
Evidence Handling: Properly preserving and handling artifacts ensure that the integrity of the test results is maintained and can be used for future reference.
By preserving artifacts, the penetration tester ensures that all key outputs from the test are retained for analysis, reporting, and future reference.