What are indicators of compromise (IOCs)?

Prepare for the Cisco CyberOps Associate Exam with tailored flashcards and multiple-choice questions. Each question offers hints and explanations to boost your understanding. Start studying today and get exam-ready!

Indicators of compromise (IOCs) are forensic artifacts observed on a network or within system logs that suggest that a security breach or malicious activity has occurred. These artifacts can include a variety of data points such as unusual network traffic patterns, specific file hashes, IP addresses, domain names, and URLs commonly associated with malicious activity. Analysts use these indicators to detect, analyze, and respond to potential threats, allowing them to understand the nature of the incident and mitigate its impact.

The other choices describe different concepts related to cybersecurity but do not fit the definition of IOCs. For example, malicious software that steals data refers specifically to malware, while firewalls are preventative measures that control incoming and outgoing network traffic. Data encryption techniques serve the purpose of securing information but are not IOCs themselves. Thus, the correct understanding of IOCs aligns with the notion of forensic artifacts on a network, making this choice the most accurate.
