New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Eccouncil 212-89 Exam - Topic 4 Question 47 Discussion

Actual exam question for Eccouncil's 212-89 exam
Question #: 47
Topic #: 4
[All 212-89 Questions]

Farheen is an incident responder at reputed IT Firm based in Florid

a. Farheen was asked to investigate a recent cybercrime faced by the organization. As part of this process, she collected static data from a victim system. She used DD tool command to perform forensic duplication to obtain an NTFS image of the original disk. She created a sector-by-sector mirror imaging of the disk and saved the output image file as image.dd.

Identify the static data collection process step performed by Farheen while collecting static data.

Show Suggested Answer Hide Answer
Suggested Answer: A

by Deandrea at Aug 10, 2023, 10:25 PM

Limited Time Offer

25%

Off

Get Premium 212-89 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Maryann
3 months ago
Are we sure this is the right process? Seems off.
upvoted 0 times
...
Jettie
3 months ago
Wow, I didn't know you could save it as image.dd!
upvoted 0 times
...
Walton
4 months ago
I thought it was more about physical presentation?
upvoted 0 times
...
Victor
4 months ago
Definitely a system preservation step!
upvoted 0 times
...
Zack
4 months ago
Farheen used DD tool for forensic duplication.
upvoted 0 times
...
Arminda
4 months ago
I keep mixing up "administrative consideration" and "system preservation." I need to double-check which one applies here!
upvoted 0 times
...
Arlie
4 months ago
I practiced a similar question where we discussed the steps in data collection, and I think "system preservation" was emphasized there too.
upvoted 0 times
...
Tula
5 months ago
I'm not entirely sure, but I feel like the term "physical presentation" could relate to how the data was collected.
upvoted 0 times
...
Kathryn
5 months ago
I remember studying about the importance of system preservation in forensic investigations, so I think that might be the right answer.
upvoted 0 times
...
Soledad
5 months ago
I'm not totally confident on this one. I'll try to eliminate the options that seem obviously true, and then make my best guess on the remaining one.
upvoted 0 times
...
Blair
5 months ago
Wait, I'm confused. If a broadcast packet is being received, wouldn't it need to be processed all the way up to the network layer to determine if the destination address matches? I'm not sure about this one.
upvoted 0 times
...
Freeman
10 months ago
Ah, the classic DD tool. It's like the Swiss Army knife of forensics, isn't it? I'm going with C - System preservation on this one.
upvoted 0 times
Laticia
9 months ago
User 3: Yeah, system preservation is crucial in maintaining the integrity of the evidence.
upvoted 0 times
...
Gail
10 months ago
User 2: I think Farheen was focusing on system preservation when she collected the static data.
upvoted 0 times
...
Glenn
10 months ago
User 1: I agree, the DD tool is definitely a versatile tool for forensics.
upvoted 0 times
...
...
Juliann
10 months ago
Haha, DD tool? More like 'do or die' tool, am I right? But seriously, I think the answer is C - System preservation.
upvoted 0 times
Daniel
8 months ago
System preservation is crucial in incident response investigations.
upvoted 0 times
...
Stephaine
8 months ago
D) Physical presentation
upvoted 0 times
...
Alexis
8 months ago
Farheen did a great job using the DD tool for forensic duplication.
upvoted 0 times
...
Cortney
8 months ago
C) System preservation
upvoted 0 times
...
Marge
8 months ago
B) Administrative consideration
upvoted 0 times
...
Britt
8 months ago
I agree, it's definitely important to preserve the system during data collection.
upvoted 0 times
...
Annmarie
9 months ago
A) Comparison
upvoted 0 times
...
Orville
9 months ago
Yes, you're right! DD tool is quite powerful.
upvoted 0 times
...
...
Izetta
10 months ago
Wait, did she use the DD tool to make a mirror image? Isn't that more like physical presentation? I'm not sure about this one.
upvoted 0 times
...
Jenelle
10 months ago
This is a pretty straightforward question. Farheen used the DD tool command to perform forensic duplication, which is the correct answer - System preservation.
upvoted 0 times
Aleta
10 months ago
System preservation was crucial in collecting static data for the investigation.
upvoted 0 times
...
Edelmira
10 months ago
Farheen used the DD tool command to perform forensic duplication, which is the correct answer - System preservation.
upvoted 0 times
...
...
Raylene
11 months ago
I believe it could also be Administrative consideration, as ensuring proper documentation and chain of custody is important in cybercrime investigations.
upvoted 0 times
...
Stephaine
11 months ago
I agree with Merrilee, System preservation is crucial in forensic investigations to ensure the integrity of the evidence.
upvoted 0 times
...
Merrilee
11 months ago
I think the static data collection process step performed by Farheen is System preservation.
upvoted 0 times
...

Save Cancel