GCIA Question #69: Real Exam Question with Answer & Explanation
The correct answer is D. FSP.
Question
Adam works as a professional Computer Hacking Forensic Investigator. He has been assigned a project to investigate a computer in the network of SecureEnet Inc. The compromised system runs on the Windows operating system. Adam decides to use Helix Live for Windows to gather data and electronic evidence, starting with retrieving volatile data and transferring it to the server component via TCP/IP. Which of the following application software in Helix Windows Live will he use to retrieve volatile data and transfer it to the server component via TCP/IP?
Options
- A. FAU
- B. FTK Imager
- C. Drive Manager
- D. FSP
Explanation
In Helix Live for Windows, the FSP (Forensic Server Project) is the specific component designed to capture volatile data from a live Windows system and transmit it to a remote server over TCP/IP.
Common mistakes.
- A. FAU (File Access Utility) is used to access files on a live system without altering timestamps, not to transfer volatile data over TCP/IP.
- B. FTK Imager is a disk imaging tool used to create forensic images of storage media, not to capture and transmit volatile system data over a network.
- C. Drive Manager is used for managing and interacting with physical drives, not for live volatile data capture or TCP/IP-based transfer to a server.
Concept tested. Helix Live volatile data acquisition via network