Which of the following MAC forensic data components saves file information and related events using a token with a binary structure?

A. Kexts
B. User account
C. Command-line inputs
D. Basic Security Module

Answer: D

Explanation:

In the context of MAC (Mandatory Access Control) forensics, the Basic Security Module (BSM) is known to save file information and related events using a token with a binary structure. BSM is part of the auditing system that records security-related events and data. Each BSM audit record is composed of one or more tokens, where each token has a specific type identifier followed by data relevant to that token type. This structure allows for a detailed and organized way to store and retrieve event data, which is crucial for forensic analysis.

Reference: The explanation provided is based on general knowledge of MAC forensics and the role of BSM in such environments. For detailed information, it is recommended to refer to the EC-Council Certified Security Specialist (E|CSS) study materials and official documentation.
