Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

GIAC Exam GCIA Topic 6 Question 44 Discussion

Actual exam question for GIAC's GCIA exam
Question #: 44
Topic #: 6
[All GCIA Questions]

Peter works as a Technical Representative in a CSIRT for SecureEnet Inc. His team is called to investigate the computer of an employee, who is suspected for classified data theft. Suspect's computer runs on Windows operating system. Peter wants to collect data and evidences for further analysis. He knows that in Windows operating system, the data is searched in pre-defined steps for proper and efficient analysis. Which of the following is the correct order for searching data on a Windows based system?

Show Suggested Answer Hide Answer
Suggested Answer: B

by Marge at Apr 29, 2024, 08:12 AM

Limited Time Offer

25%

Off

Get Premium GCIA Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Fabiola
1 months ago
Wait, is 'interne t' a new type of trace I'm not familiar with? Maybe it's a typo, or a secret government thing. *strokes chin thoughtfully*
upvoted 0 times
Dwight
3 days ago
User 3: Let's focus on the correct order for searching data on a Windows system.
upvoted 0 times
...
Chaya
17 days ago
User 2: Yeah, it's probably supposed to be 'internet traces'.
upvoted 0 times
...
Ryann
19 days ago
User 1: I think 'interne t' is just a typo.
upvoted 0 times
...
...
Lavina
2 months ago
Hmm, I remember something about the registry being important, but where does it fit in the order? This is tricky.
upvoted 0 times
Jestine
2 days ago
B) Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces
upvoted 0 times
...
Helga
5 days ago
The registry is important for sure, it comes after file slack and before memory dumps.
upvoted 0 times
...
Levi
13 days ago
A) Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces
upvoted 0 times
...
...
Tony
2 months ago
Whoa, this is like a treasure hunt for digital evidence! I hope Peter's got his detective hat on.
upvoted 0 times
Jamika
16 days ago
C) Volatile data, file slack, internet traces, registry, memory dumps, system state backup, file system
upvoted 0 times
...
Tasia
1 months ago
B) Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces
upvoted 0 times
...
Dorthy
1 months ago
A) Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces
upvoted 0 times
...
...
Judy
2 months ago
Okay, let's think this through step-by-step. Volatile data first, then file slack, and the rest... hmm, I better double-check my notes.
upvoted 0 times
Phuong
13 days ago
D) Volatile data, file slack, registry, system state backup, internet traces, file system, memory dumps
upvoted 0 times
...
Valentine
1 months ago
C) Volatile data, file slack, internet traces, registry, memory dumps, system state backup, file system
upvoted 0 times
...
Rosendo
1 months ago
B) Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces
upvoted 0 times
...
Avery
1 months ago
A) Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces
upvoted 0 times
...
...
Ria
2 months ago
Ah, the old Windows forensics dance! This question is a classic. Let's see what the experts have to say.
upvoted 0 times
Ceola
1 months ago
B) Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces
upvoted 0 times
...
Coral
1 months ago
A) Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces
upvoted 0 times
...
...
Clarence
2 months ago
I agree with Denise, A) seems to be the most logical order for searching data on a Windows based system.
upvoted 0 times
...
Dudley
2 months ago
I disagree, I believe the correct order is B) Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces.
upvoted 0 times
...
Denise
2 months ago
I think the correct order is A) Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces.
upvoted 0 times
...
Ira
3 months ago
I agree with Dominque, A) seems to be the most logical order for searching data on a Windows based system.
upvoted 0 times
...
Wava
3 months ago
I disagree, I believe the correct order is B) Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces.
upvoted 0 times
...
Dominque
3 months ago
I think the correct order is A) Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77