Which capability is listed for OS Forensics?

Prepare for the EC-Council Certified Security Specialist Exam with our comprehensive quiz. Enhance your understanding through flashcards and multiple-choice questions complete with hints and explanations. Boost your exam confidence today!

Multiple Choice

Which capability is listed for OS Forensics?

Explanation:
Hash matching is a core capability for OS Forensics. It involves generating cryptographic hashes (like MD5, SHA-1, or SHA-256) for files and then comparing those hashes to known databases of legitimate or malicious file fingerprints. This lets investigators quickly identify suspicious or known-malicious files, confirm file integrity, and spot duplicates across large datasets without manually inspecting every item. The other options describe activities that aren’t typical forensic analysis features—cloud data migration is about moving data to or between clouds, social engineering campaigns are about manipulating people, and real-time antivirus scanning is a live protection function rather than evidence examination.

