Clark is investigating a cybercrime at TechSoft Solutions. While investigating the case,
he needs to collect volatile information such as running services, their process IDs,
startmode, state, and status.
Which of the following commands will help Clark to collect such information from
running services?
WMIC (Windows Management Instrumentation Command-line) is a command-line tool that provides a unified interface for Windows management tasks, including the collection of system information. It allows administrators and forensic investigators to query the live system for information about running services, their process IDs, start modes, states, and statuses, among other data. The use of WMIC is particularly valuable in incident response scenarios for gathering volatile information from a system without having to install additional software, which might alter the state of the system being investigated. By executing specific WMIC commands, Clark can extract detailed information about the services running on a system at the time of the investigation, making it an essential tool for collecting volatile data in a forensically sound manner.
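A collection script built around the WMIC service query described above; this is an added example, not part of the original question or its answer key. The `-EvidenceDir` parameter, the file names and the log layout are assumptions, and the script falls back to `Get-CimInstance` on systems where `wmic.exe` is not installed.

```powershell
# Added example: record running-service state with WMIC and hash the result.
# Assumption: -EvidenceDir points at collection media, not the suspect disk.
param(
    [Parameter(Mandatory = $true)]
    [string]$EvidenceDir   # hypothetical parameter name
)

$ErrorActionPreference = 'Stop'
$props   = 'Name,ProcessId,StartMode,State,Status'
$stamp   = (Get-Date).ToUniversalTime().ToString('yyyyMMddTHHmmssZ')
$outFile = Join-Path $EvidenceDir "services_${env:COMPUTERNAME}_$stamp.csv"
$logFile = Join-Path $EvidenceDir 'collection_log.txt'

if (Get-Command wmic.exe -ErrorAction SilentlyContinue) {
    $method = "wmic service get $props /format:csv"
    # Quote the property list so PowerShell passes it to wmic as one argument.
    & wmic.exe service get "$props" /format:csv |
        ForEach-Object { $_.TrimEnd() } |   # strip stray carriage returns
        Where-Object { $_ } |               # wmic pads CSV output with blank lines
        Out-File -FilePath $outFile -Encoding utf8
} else {
    # Same Win32_Service class that WMIC queries, read through CIM instead.
    $method = "Get-CimInstance Win32_Service ($props)"
    Get-CimInstance -ClassName Win32_Service |
        Select-Object ($props -split ',') |
        Export-Csv -Path $outFile -NoTypeInformation -Encoding UTF8
}

# Hash the output at collection time so later copies can be verified.
$hash = (Get-FileHash -Path $outFile -Algorithm SHA256).Hash
"$stamp`t$env:COMPUTERNAME`t$method`t$outFile`tSHA256=$hash" |
    Add-Content -Path $logFile
Write-Output "Saved $outFile (SHA256 $hash)"
```

The log line ties each output file to the collection time in UTC, the host, the exact query used and the file's SHA-256.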