Which of the following activities would be a part of retrospective analysis?
- scanning for vulnerabilities with NESSUS
- using historical data to identify an infected host
- using nmap to determine open ports
- attempting to exploit a vulnerability you found
Whenever you use historical data from logs to help identify a breach of any sort, you are engaged in retrospective analysis. A retrospective analysis is permed when the outcome of an event is already known, such as attempting to discover when identified malware first entered your system. GigaStor Security Forensics is another example of a tool that performs retrospective analysis.
Using nmap to determine open ports is a part of network discovery stage of a penetration test. by identifying the open ports, potential attacks may be identified before they occur.
Scanning for vulnerabilities with NESSUS is a part of a vulnerability test. Attempting to exploit a vulnerability is a later stage in the penetration test.