CompTIA

CAS-003 · Question #112

CAS-003 Question #112: Real Exam Question with Answer & Explanation

The correct answer is C: System processes, network processes, file system information, swap files and raw disk blocks.

Question

An investigator wants to collect the most volatile data first in an incident to preserve the data that runs the highest risk of being lost. After memory, which of the following BEST represents the remaining order of volatility that the investigator should follow?

Options

  • A. File system information, swap files, network processes, system processes and raw disk blocks.
  • B. Raw disk blocks, network processes, system processes, swap files and file system information.
  • C. System processes, network processes, file system information, swap files and raw disk blocks.
  • D. Raw disk blocks, swap files, network processes, system processes, and file system information.

Explanation

The order in which you should collect evidence is referred to as the order of volatility. Generally, evidence should be collected from the most volatile to the least volatile. The order of volatility from most volatile to least volatile is as follows:

  1. Data in RAM, including CPU cache and recently used data and applications
  2. Data in RAM, including system and network processes
  3. Swap files (also known as paging files) stored on local disk drives
  4. Data stored on local disk drives
  5. Logs stored on remote systems
