EC-Council
ECSS · Question #183
ECSS Question #183: Real Exam Question with Answer & Explanation
Sign in or unlock ECSS to reveal the answer and full explanation for question #183. The question stem and answer options stay visible for context.
Question
Peter works as a Technical Representative in a CSIRT for SecureEnet Inc. His team is called to investigate the computer of an employee, who is suspected for classified data theft. Suspect's computer runs on Windows operating system. Peter wants to collect data and evidences for further analysis. He knows that in Windows operating system, the data is searched in pre-defined steps for proper and efficient analysis. Which of the following is the correct order for searching data on a Windows based system?
Options
- AVolatile data, file slack, registry, memory dumps, file system, system state backup, interne t traces
- BVolatile data, file slack, registry, system state backup, internet traces, file system, memory dumps
- CVolatile data, file slack, internet traces, registry, memory dumps, system state backup, file system
- DVolatile data, file slack, file system, registry, memory dumps, system state backup, interne t traces
Unlock ECSS to see the answer
You've previewed enough free ECSS questions. Unlock ECSS for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.