During a forensic investigation, a security analyst reviews some Session Initiation Protocol packets that came from a suspicious IP address. Law enforcement requires access to a VoIP call
that originated from the suspicious IP address.
Which of the following should the analyst use to accomplish this task?
A . Wireshark
B. iptables
C. Tcpdump
D. Netflow
Answer: A
Explanation:
Wireshark is a tool that can capture and analyze network traffic, including Session Initiation Protocol (SIP) and Voice over IP (VoIP) packets. The security analyst can use Wireshark to extract the audio data from the VoIP call that originated from the suspicious IP address and provide it to law enforcement. iptables, tcpdump, and Netflow are other tools that can manipulate or monitor network traffic, but they cannot extract audio data from VoIP packets.
Reference: https://www.wireshark.org/docs/wsug_html_chunked/ChVoIPAnalysis.html
Latest CS0-002 Dumps Valid Version with 220 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund