In network forensics which of these is a common form used?
C: Stop, act and prevent.
D: Stop and release.
CBK 7: Security Operations
Source: ThorTeaches.com practice tests
A: Network forensics: Systems used to collect network data for forensics use usually come in two forms: Catch-it-as-you-can: All packets passing through a certain traffic point are captured and written to storage with analysis being done subsequently in batch mode. This approach requires large amounts of storage. Stop, look and listen: Each packet is analyzed in a basic way in memory and only certain information is saved for future analysis. This approach requires a faster processor to keep up with incoming traffic.