CySA+ domain #10: Digital forensic tools and investigation techniques


As is the case with all CompTIA certifications, the CySA+ is a vendor-neutral exam. It is aimed at the intermediate cybersecurity professional. There are no real prerequisites for the exam, but it is recommended that candidates have a Network+ and Security+ before attempting the CySA+. These certifications are not strictly necessary, but they will provide the basic foundations of network and cybersecurity theory on which the CySA+ rests.

In this article, we will look at the information that you need to successfully meet the requirements as they are set out in Domain 3.2 in the CompTIA CySA+ exam objectives. This is a brief overview and should be the first place that you start before undertaking your studying. It will help you to mentally map out the work that you need to do in order to study for this exam and will help you to get your study plan mapped out and underway.

Forensics kit

You can think of this section of the CySA+ as an outline of the kinds of tools and techniques that you would use during the course of an investigation. It outlines a few of the most crucial items that you need to be familiar with. Below is a breakdown of the forensic kit that you must be familiar with for the exam.

Digital forensics workstation

Think of the digital forensic workstation as the go-to piece of gear that you will be using frequently to conduct investigations. As such, it has a few special requirements that are simple but important to remember. Some of these requirements are as follows:

  • Network connectivity: The digital forensics workstation must be able to connect to various network sources during the investigation and testing phases of each case
  • Hardware solution for HDD duplication: Hardware-based drive cloning solutions are (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Graeme Messina. Read the original post at: