A security analyst is investigating a potential security incident and has discovered several suspicious artifacts: unusual outbound network traffic to a known malicious IP address, a file with a hash matching a known malware sample, and a new scheduled task that establishes persistence. How should the analyst classify these collective pieces of evidence?
The correct classification is Indicators of Compromise (IoCs). IoCs are forensic artifacts, pieces of digital evidence observed on a network or host, whose presence indicates that a security breach has likely occurred. In the scenario, the connection to a known malicious IP address (a network-based indicator), the file hash matching a known malware sample (a file-based indicator), and the new scheduled task used for persistence (a host-based indicator) are all classic examples of IoCs. The other options describe something else: an Incident Response Playbook is a document that outlines the procedures for responding to a given type of incident; Open Source Intelligence (OSINT) is information collected from publicly available sources; and Chain of Custody is the chronological documentation of the seizure, custody, and control of evidence so that it remains admissible. None of these is a name for the evidence itself.
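To make the distinction concrete, the following added example (written for this page, not part of the original question or its answer) shows how the three artifact types in the scenario would be matched against an IoC feed. The feed format, the event field names (`dst_ip`, `sha256`, `task_name`), the sample indicators and the sample events are all constructed assumptions for illustration; no real threat intelligence or telemetry is used.

```python
"""Match constructed endpoint/network events against a constructed IoC feed.

Example code added to this page; not from the original question text.
All indicators and events below are made up for illustration.
"""
import hashlib
import ipaddress
from dataclasses import dataclass, field

# --- Constructed IoC feed (assumed format; not a real threat intel source) ---
# The hash is derived from constructed bytes so the sample stays self-consistent.
MALWARE_BYTES = b"constructed malware sample for illustration only"
MALWARE_SHA256 = hashlib.sha256(MALWARE_BYTES).hexdigest()

IOC_FEED = {
    "ipv4": {"203.0.113.45"},                  # TEST-NET-3 documentation range, constructed
    "sha256": {MALWARE_SHA256.upper()},        # upper case on purpose: normalization is exercised
    "scheduled_task": {"\\Microsoft\\Windows\\UpdateCheckSvc"},  # constructed task path
}


@dataclass
class Hit:
    """One event field that matched one indicator."""
    event_id: int
    ioc_type: str
    indicator: str
    event: dict = field(repr=False)


def _norm_ip(value):
    # Reject garbage values instead of letting them silently fail to match.
    try:
        return str(ipaddress.ip_address(value.strip()))
    except ValueError:
        return None


def _norm_hash(value):
    return value.strip().lower()


def _norm_task(value):
    return value.strip().lower()


# Which event field carries which IoC type, and how to normalize it before comparing.
EXTRACTORS = {
    "netconn": [("ipv4", "dst_ip", _norm_ip)],
    "file_write": [("sha256", "sha256", _norm_hash)],
    "task_create": [("scheduled_task", "task_name", _norm_task)],
}
NORMALIZERS = {"ipv4": _norm_ip, "sha256": _norm_hash, "scheduled_task": _norm_task}


def normalize_feed(feed):
    """Apply the same normalization to the feed that is applied to events."""
    out = {}
    for ioc_type, values in feed.items():
        norm = NORMALIZERS[ioc_type]
        out[ioc_type] = {v for v in (norm(x) for x in values) if v}
    return out


def match_iocs(events, feed):
    """Return a Hit for every event field that equals a known indicator."""
    feed = normalize_feed(feed)
    hits = []
    for i, ev in enumerate(events):
        for ioc_type, fieldname, norm in EXTRACTORS.get(ev.get("type"), []):
            raw = ev.get(fieldname)
            if raw is None:
                continue
            value = norm(raw)
            if value and value in feed.get(ioc_type, set()):
                hits.append(Hit(i, ioc_type, value, ev))
    return hits


def summarize(hits):
    """Collapse hits into the IoC categories present: the 'collective' view the question asks for."""
    return sorted({h.ioc_type for h in hits})


# --- Constructed events (not real telemetry) ---
EVENTS = [
    {"type": "netconn", "host": "WS-017", "dst_ip": "203.0.113.45", "dst_port": 443},
    {"type": "netconn", "host": "WS-017", "dst_ip": "192.0.2.10", "dst_port": 443},  # benign
    {"type": "file_write", "host": "WS-017", "path": "C:\\Users\\Public\\svc.exe", "sha256": MALWARE_SHA256},
    {"type": "task_create", "host": "WS-017", "task_name": "\\Microsoft\\Windows\\UpdateCheckSvc"},
    {"type": "task_create", "host": "WS-017", "task_name": "\\Microsoft\\Windows\\Defrag\\ScheduledDefrag"},  # benign
]

if __name__ == "__main__":
    hits = match_iocs(EVENTS, IOC_FEED)
    for h in hits:
        print(f"event {h.event_id}: {h.ioc_type} matched {h.indicator}")
    print("IoC types present:", summarize(hits))
```

Two points are worth noting. First, the feed and the events are normalized with the same functions before comparison; a hash stored in upper case or an IP with stray whitespace would otherwise be missed, which is a common reason IoC matching produces false negatives. Second, each match is reported with its category, so the analyst can see at a glance that the evidence spans network, file and host indicators, which is exactly the collective picture the question describes.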