
GIAC Exam GCIA Topic 6 Question 44 Discussion

Actual exam question for GIAC's GCIA exam
Question #: 44
Topic #: 6

Peter works as a Technical Representative in a CSIRT for SecureEnet Inc. His team is called to investigate the computer of an employee who is suspected of classified data theft. The suspect's computer runs the Windows operating system. Peter wants to collect data and evidence for further analysis. He knows that on a Windows operating system, data is searched in pre-defined steps for proper and efficient analysis. Which of the following is the correct order for searching data on a Windows-based system?

Suggested Answer: B

Contribute your Thoughts:

Judy
5 days ago
Okay, let's think this through step-by-step. Volatile data first, then file slack, and the rest... hmm, I better double-check my notes.
upvoted 0 times
...
Ria
14 days ago
Ah, the old Windows forensics dance! This question is a classic. Let's see what the experts have to say.
upvoted 0 times
...
Clarence
15 days ago
I agree with Denise, A) seems to be the most logical order for searching data on a Windows based system.
upvoted 0 times
...
Dudley
16 days ago
I disagree, I believe the correct order is B) Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces.
upvoted 0 times
...
Denise
17 days ago
I think the correct order is A) Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces.
upvoted 0 times
...
Ira
22 days ago
I agree with Dominque, A) seems to be the most logical order for searching data on a Windows based system.
upvoted 0 times
...
Wava
23 days ago
I disagree, I believe the correct order is B) Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces.
upvoted 0 times
...
Dominque
26 days ago
I think the correct order is A) Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces.
upvoted 0 times
...
