Network Traffic Analysis | Identifying Captured Traffic | CompTIA CySA+ Exam

Identifying Captured Traffic

Question

A large amount of confidential data was leaked during a recent security breach.

As part of a forensic investigation, the security team needs to identify the various types of traffic that were captured between two compromised devices.

Which of the following should be used to identify the traffic?

Answers

Explanations


C.

In order to identify the various types of traffic that were captured between two compromised devices as part of a forensic investigation, the security team should use packet analysis. Therefore, the correct answer is C.

Packet analysis, also referred to as packet sniffing or protocol analysis, involves capturing network traffic and examining it at the packet level to understand what is happening on the network: each individual packet is captured as it crosses the network and then decoded and inspected.

Packet analysis can provide valuable information about the type of traffic that was captured between the two compromised devices, including the protocols used, the source and destination IP addresses, the type of data being transmitted, and any anomalies or patterns that may indicate malicious activity.
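As an added illustration (not part of the original explanation), the following Python script parses a small pcap capture, constructed inline, and tallies the protocols and service ports seen between two hosts, the kind of first pass an analyst runs to answer "what types of traffic passed between these two devices". The host addresses, packet contents and the minimal little-endian pcap layout are assumptions made for the demonstration.

```python
import struct
from collections import Counter
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

def build_pcap(frames):
    # Minimal little-endian pcap: 24-byte global header (link type 1 = Ethernet), then records
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

def build_frame(src_ip, dst_ip, proto, payload):
    eth = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00"  # dst MAC, src MAC, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip + payload  # IPv4 checksum left zero: irrelevant for offline parsing

def iter_frames(pcap):
    off = 24  # skip the 24-byte global header; each record has a 16-byte header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]  # captured length field
        yield pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len

def summarize_traffic(pcap, host_a, host_b):
    """Count (src, dst, protocol/service-port) combinations seen between the two hosts."""
    counts = Counter()
    for frame in iter_frames(pcap):
        if frame[12:14] != b"\x08\x00":  # skip non-IPv4 frames (ARP, IPv6, ...)
            continue
        ihl = (frame[14] & 0x0F) * 4  # IPv4 header length in bytes
        proto = frame[23]
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        if {src, dst} != {host_a, host_b}:  # keep only the pair under investigation
            continue
        label = PROTO_NAMES.get(proto, f"proto-{proto}")
        if proto in (6, 17):  # TCP/UDP: label by the lower port, usually the service side
            sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
            label += f"/{min(sport, dport)}"
        counts[(src, dst, label)] += 1
    return counts

# Constructed sample: TLS exchange and DNS query between the two hosts, one ICMP packet,
# and one packet from an unrelated third host that must not be counted.
A, B = "10.0.0.5", "10.0.0.9"
SAMPLE_PCAP = build_pcap([
    build_frame(A, B, 6, struct.pack("!HH", 51514, 443) + b"\x00" * 16),
    build_frame(B, A, 6, struct.pack("!HH", 443, 51514) + b"\x00" * 16),
    build_frame(A, B, 17, struct.pack("!HH", 40000, 53) + b"\x00" * 4),
    build_frame(B, A, 1, b"\x08\x00\x00\x00"),
    build_frame("10.0.0.77", B, 17, struct.pack("!HH", 5000, 53) + b"\x00" * 4),
])
```

Running `summarize_traffic(SAMPLE_PCAP, A, B)` yields one TCP/443 entry per direction, one UDP/53 request and one ICMP packet, while the third host's packet is excluded; on a real capture the same function, fed the bytes of a pcap file, gives the per-protocol inventory the question asks for.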

Carving, disk imaging, memory dump, and hashing are all important forensic techniques, but they are not directly related to identifying the types of traffic captured between two devices.

Carving is the process of extracting specific data from a larger data set, such as recovering a deleted file from a hard drive.

Disk imaging involves creating an exact copy of a hard drive or other storage device for forensic analysis.

A memory dump is a copy of the contents of a computer's volatile memory (RAM), taken so that it can be examined during forensic analysis.

Hashing is a cryptographic technique used to verify the integrity of data: it generates a fixed-length "fingerprint" (hash value) that can later be recomputed and compared to confirm that the data has not been altered.

In summary, the correct answer to the question is C, packet analysis, as this technique can help identify the various types of traffic that were captured between two compromised devices.