What is a common indicator of data exfiltration during an investigation?

A common indicator of data exfiltration is unusual outbound network traffic. When an organization experiences data exfiltration, it typically involves the unauthorized transfer of sensitive data from an internal network to an external one. This transfer often results in an increase in outbound network traffic that deviates from the organization's normal patterns.

Monitoring network traffic is a fundamental aspect of cybersecurity. In a typical environment, outbound traffic should follow a predictable baseline. Therefore, any significant spikes or unusual patterns may signal that data is being transmitted inappropriately, potentially indicating an exfiltration attempt. This can manifest as large volumes of data being sent to external IP addresses, connections to suspicious destinations, or unusual protocols being used for data transfers.
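The baseline comparison described above can be sketched as follows. This is an added example, not part of the original page: the flow records are constructed, and the internal range, the threshold factor k and the function names are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict
from statistics import median

# Assumption: the organization's internal address space.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed flow records: (day, internal host, destination IP, bytes sent).
FLOWS = [
    ("2024-05-01", "10.0.0.5", "203.0.113.10", 40_000_000),
    ("2024-05-02", "10.0.0.5", "203.0.113.10", 52_000_000),
    ("2024-05-03", "10.0.0.5", "203.0.113.10", 47_000_000),
    ("2024-05-04", "10.0.0.5", "203.0.113.10", 44_000_000),
    ("2024-05-05", "10.0.0.5", "203.0.113.10", 55_000_000),
    ("2024-05-05", "10.0.0.5", "10.0.0.9", 9_000_000_000),       # internal copy
    ("2024-05-06", "10.0.0.5", "203.0.113.10", 45_000_000),
    ("2024-05-06", "10.0.0.5", "198.51.100.77", 4_200_000_000),  # large transfer
] + [(f"2024-05-0{i}", "10.0.0.8", "203.0.113.20", mb * 1_000_000)
     for i, mb in enumerate([5, 6, 5, 7, 6, 6], 1)]

def is_external(ip):
    """True when the destination is outside every internal network."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def daily_outbound(flows):
    """Sum bytes sent to external destinations per host and day."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, src, dst, nbytes in flows:
        if is_external(dst):
            totals[src][day] += nbytes
    return totals

def find_spikes(flows, k=6.0, min_days=4):
    """Flag days whose outbound volume exceeds the host's own baseline.

    Baseline = median of earlier days; spread = median absolute deviation,
    floored at 10% of the baseline so a flat history does not over-alert.
    """
    alerts = []
    for host, per_day in daily_outbound(flows).items():
        for day in sorted(per_day):
            history = [v for d, v in per_day.items() if d < day]
            if len(history) < min_days:
                continue  # not enough history to call anything unusual
            base = median(history)
            spread = max(median([abs(v - base) for v in history]), 0.1 * base)
            if per_day[day] > base + k * spread:
                alerts.append((host, day, per_day[day], base))
    return alerts
```

On the constructed data only 10.0.0.5 on 2024-05-06 is flagged; the 9 GB internal copy on 2024-05-05 is ignored because it never leaves the internal range.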

This observation is crucial for incident response teams during investigations, as identifying such anomalies can facilitate timely detection and mitigation of potential breaches. The other options, although they can be indicative of various issues within a network, do not specifically correlate with the stealthy transfer of data to external locations as clearly as unusual outbound network traffic does.
