CompTIA CySA+ CS0-003 Practice Question
Which of the following best describes the purpose of forensic analysis in the context of incident response?
Its sole purpose is to recover any lost or compromised data during a security incident.
It aims to systematically examine the evidence from a security incident to identify what occurred, how it occurred, and potentially who was involved.
Forensic analysis refers to ensuring that all evidence is admissible in a court of law.
It focuses primarily on repairing systems and restoring them to a fully operational status after an incident occurs.