GIAC
GCFE · Question #130
GCFE Question #130: Real Exam Question with Answer & Explanation
Sign in or unlock GCFE to reveal the answer and full explanation for question #130. The question stem and answer options stay visible for context.
Question
A forensic investigator is analyzing a Windows system suspected of containing malware. The user claims they did not install any suspicious programs. Which artifacts would you analyze to confirm or refute this claim? (Choose three)
Options
- APrefetch files
- BMaster File Table (MFT)
- CSystem log
- DRecycle Bin contents
- EApplication error logs
Unlock GCFE to see the answer
You've previewed enough free GCFE questions. Unlock GCFE for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.