Certified Incident Handler (CIH) Practice Ecam

Disable ads (and more) with a membership for a one time $2.99 payment

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

Which tool assists an incident handler in gathering comprehensive information about a file?

dupeGuru
FileAlyzer
HashMyFiles
WinHex

The correct answer is: HashMyFiles

The correct choice focuses on HashMyFiles, which is a tool specifically designed for collecting and analyzing hash values of files. It provides detailed information about a file, including its hash values (MD5, SHA-1, SHA-256), which can be instrumental during an incident investigation. By obtaining these hashes, incident handlers can compare files against known datasets to identify malicious files or determine if a file has been altered. Furthermore, HashMyFiles allows users to gather additional metadata about the files, such as file size, creation date, last modified date, and the full file path. This comprehensive view enables incident handlers to build a cohesive picture of file-related incidents and assess the integrity and authenticity of the data involved. While the other tools mentioned have their strengths, they serve different purposes. For instance, dupeGuru is primarily designed to find duplicate files, which may not be useful during the data gathering phase of an incident. FileAlyzer and WinHex are more general-purpose tools with broader functionalities like file analysis and hex editing, respectively, but do not focus exclusively on hashing and metadata extraction in the way HashMyFiles does. Thus, HashMyFiles is the optimal tool for an incident handler seeking in-depth information about files during investigations.