New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

GIAC GCED Exam - Topic 6 Question 65 Discussion

Actual exam question for GIAC's GCED exam
Question #: 65
Topic #: 6
[All GCED Questions]

At the start of an investigation on a Windows system, the lead handler executes the following commands after inserting a USB drive. What is the purpose of this command? C:\ >dir / s / a dhsra d: \ > a: \ IRCD.txt

Show Suggested Answer Hide Answer
Suggested Answer: C

This command will create a text file on the collection media (in this case you would probably be using a USB flash drive) named IRCD.txt that should contain a recursive directory listing of all files on the desk.


by Moira at Jul 04, 2025, 03:44 AM

Limited Time Offer

25%

Off

Get Premium GCED Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Gearldine
2 months ago
Wait, is it really copying? I thought it was just listing stuff.
upvoted 0 times
...
Alfred
2 months ago
Sounds like a forensic move to me, copying files over.
upvoted 0 times
...
Layla
3 months ago
I agree, it's about hidden and archived files for sure!
upvoted 0 times
...
Bernadine
3 months ago
I think it's more about showing hidden files, not just listing.
upvoted 0 times
...
My
3 months ago
It's definitely creating a file on the USB with a C: drive listing.
upvoted 0 times
...
Tequila
3 months ago
I don't think it's about comparing hashes; it seems more focused on gathering information from the C: drive instead.
upvoted 0 times
...
Marylyn
4 months ago
I feel like the command is more about copying files rather than just listing them, but I can't recall the exact details.
upvoted 0 times
...
Leigha
4 months ago
I remember practicing a similar question where we had to identify commands that show hidden files. This seems like it might be related to that.
upvoted 0 times
...
Corrie
4 months ago
I think the command is meant to create a file on the USB drive that lists the contents of the C: drive, but I'm not entirely sure.
upvoted 0 times
...
Louvenia
4 months ago
Ah, I see what's going on here. The lead handler is creating a directory listing of the C: drive, including all hidden and archived files, and then copying a specific file called IRCD.txt to the USB drive. Probably to preserve evidence or create a baseline for the investigation.
upvoted 0 times
...
Sherell
4 months ago
Hmm, the /s flag for a recursive directory listing and the /a for showing hidden and archived files makes me think this is about collecting forensic data from the system. Copying that file to the USB drive is likely part of the investigation process.
upvoted 0 times
...
Nicolette
5 months ago
The command seems to be listing the contents of the C: drive, including hidden and archived files, and copying a file called IRCD.txt to the USB drive. Probably to create a backup or preserve evidence.
upvoted 0 times
...
Mona
5 months ago
This looks like a straightforward directory listing command, but I'm not sure about the purpose of the /s and /a flags. I'll need to review those to understand the full intent.
upvoted 0 times
...
Mitsue
7 months ago
I think the correct answer is D, to compare a list of known good hashes on the USB drive to files on the local C: drive.
upvoted 0 times
...
Charlie
7 months ago
I think it might be to create a file on the USB drive that contains a listing of the C: drive.
upvoted 0 times
...
Estrella
7 months ago
I disagree, I believe it is to copy a forensic image of the local C: drive onto the USB drive.
upvoted 0 times
...
Jeff
8 months ago
Nah, I don't think it's copying a forensic image. That would take way too long. My money's on A - creating a file on the USB drive with a directory listing of the C: drive.
upvoted 0 times
...
Teresita
8 months ago
Haha, I bet the lead handler is just trying to impress everyone with their mad Windows skills. But seriously, I think it's C - copying a forensic image.
upvoted 0 times
...
Tricia
8 months ago
Hmm, I'm leaning towards B - showing hidden and archived files on the C: drive and copying them to the USB drive. Gotta love those sneaky system files!
upvoted 0 times
Teresita
7 months ago
User 3: Agreed, those hidden files can sometimes reveal a lot of information.
upvoted 0 times
...
Flo
7 months ago
User 2: Yeah, it's always good to check for hidden files during an investigation.
upvoted 0 times
...
Lashandra
7 months ago
User 1: I think B is the right choice too. Those hidden files can hold important clues.
upvoted 0 times
...
...
Arlean
8 months ago
I think the purpose is to show hidden and archived files on the C: drive and copy them to the USB drive.
upvoted 0 times
...
Patrick
8 months ago
That's a tricky one. I think it's copying a forensic image of the C: drive to the USB drive, but I'm not totally sure.
upvoted 0 times
Dean
7 months ago
User3: I'm pretty sure it's to copy a forensic image of the local C: drive onto the USB drive.
upvoted 0 times
...
Leanora
7 months ago
User2: No, I believe it's to create a file on the USB drive that contains a listing of the C: drive.
upvoted 0 times
...
Nickole
8 months ago
User1: I think it's to show hidden and archived files on the C: drive and copy them to the USB drive.
upvoted 0 times
...
...

Save Cancel