CHFI • Practice Exam 55
Free CHFI practice exam — 20 questions with explanations. Set 55. No signup required.
An incident responder analyzes a compromised system and finds evidence of timestomping: the Modified timestamp of a malicious DLL is earlier than the Creation timestamp. Additionally, the DLL is encrypted with an XOR key. Which anti-forensic techniques are being employed?