During a log review, an incident responder is attempting to process the proxy server’s log files but finds that they are too large to be opened by any file viewer. Which of the following is the MOST appropriate technique to open and analyze these log files?
A Windows system administrator has received notification from a security analyst regarding new malware that executes under the process name of “armageddon.exe” along with a request to audit all department workstations for its presence. In the absence of GUI-based tools, what command could the administrator execute to complete this task?
A security analyst has discovered that an application has failed to run. Which of the following is the tool MOST likely used by the analyst for the initial discovery?
Various logs are collected for a data leakage case to make a forensic analysis. Which of the following are MOST important for log integrity? (Choose two.)
When tracing an attack to the point of origin, which of the following items is critical data to map layer 2 switching?
When attempting to determine which system or user is generating excessive web traffic, analysis of which of the following would provide the BEST results?
