| Exam 200-201 | Question id=6053 | Host-based analysis |
An offline audit log contains the source IP address of a session suspected to have exploited a vulnerability resulting in system compromise.
Which kind of evidence is this IP address?
| A. |
best evidence | |
| B. |
corroborative evidence | |
| C. |
indirect evidence | |
| D. |
forensic evidence |