nerdexam
EC-Council

312-76 · Question #9

312-76 Question #9: Real Exam Question with Answer & Explanation

The correct answer is D. Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces. See the full explanation below for the reasoning.

Question

Peter works as a Technical Representative in a CSIRT for SecureEnet Inc. His team is called to investigate the computer of an employee, who is suspected for classified data theft. Suspect's computer runs on Windows operating system. Peter wants to collect data and evidences for further analysis. He knows that in Windows operating system, the data is searched in pre-defined steps for proper and efficient analysis. Which of the following is the correct order for searching data on a Windows based system?

Options

  • AVolatile data, file slack, registry, system state backup, internet traces, file system, memory dumps
  • BVolatile data, file slack, internet traces, registry, memory dumps, system state backup, file system
  • CVolatile data, file slack, registry, memory dumps, file system, system state backup, internet traces
  • DVolatile data, file slack, file system, registry, memory dumps, system state backup, internet traces

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 312-76 Practice