A company has identified that a hacker has modified files on one of the company's computers. The IT department has collected the storage media from the hacked computer. Which evidence should be obtained from the storage media to identify which files were modified?
Correct Answer: A
Comprehensive and Detailed Explanation From Exact Extract:

File timestamps, including creation time, last modified time, and last accessed time, are fundamental metadata attributes stored with each file on a file system. When files are modified, these timestamps usually update, providing direct evidence about when changes occurred. Examining file timestamps helps forensic investigators identify which files were altered and estimate the time of unauthorized activity.

* IP addresses (private or public) are network-related evidence and are not stored directly with the files on the storage media.
* The operating system version is system information but does not help identify specific file modifications.
* Analysis of file timestamps is a standard forensic technique endorsed by NIST SP 800-86 (Guide to Integrating Forensic Techniques into Incident Response) for determining file activity and changes on digital media.