Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

GIAC Exam GCED Topic 6 Question 65 Discussion

Actual exam question for GIAC's GCED exam
Question #: 65
Topic #: 6
[All GCED Questions]

At the start of an investigation on a Windows system, the lead handler executes the following commands after inserting a USB drive. What is the purpose of this command? C:\ >dir / s / a dhsra d: \ > a: \ IRCD.txt

Show Suggested Answer Hide Answer
Suggested Answer: C

This command will create a text file on the collection media (in this case you would probably be using a USB flash drive) named IRCD.txt that should contain a recursive directory listing of all files on the desk.


by Moira at Jul 04, 2025, 03:44 AM

Limited Time Offer

25%

Off

Get Premium GCED Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Mitsue
11 days ago
I think the correct answer is D, to compare a list of known good hashes on the USB drive to files on the local C: drive.
upvoted 0 times
...
Charlie
19 days ago
I think it might be to create a file on the USB drive that contains a listing of the C: drive.
upvoted 0 times
...
Estrella
25 days ago
I disagree, I believe it is to copy a forensic image of the local C: drive onto the USB drive.
upvoted 0 times
...
Jeff
29 days ago
Nah, I don't think it's copying a forensic image. That would take way too long. My money's on A - creating a file on the USB drive with a directory listing of the C: drive.
upvoted 0 times
...
Teresita
1 months ago
Haha, I bet the lead handler is just trying to impress everyone with their mad Windows skills. But seriously, I think it's C - copying a forensic image.
upvoted 0 times
...
Tricia
1 months ago
Hmm, I'm leaning towards B - showing hidden and archived files on the C: drive and copying them to the USB drive. Gotta love those sneaky system files!
upvoted 0 times
Teresita
17 days ago
User 3: Agreed, those hidden files can sometimes reveal a lot of information.
upvoted 0 times
...
Flo
18 days ago
User 2: Yeah, it's always good to check for hidden files during an investigation.
upvoted 0 times
...
Lashandra
23 days ago
User 1: I think B is the right choice too. Those hidden files can hold important clues.
upvoted 0 times
...
...
Arlean
1 months ago
I think the purpose is to show hidden and archived files on the C: drive and copy them to the USB drive.
upvoted 0 times
...
Patrick
1 months ago
That's a tricky one. I think it's copying a forensic image of the C: drive to the USB drive, but I'm not totally sure.
upvoted 0 times
Dean
22 days ago
User3: I'm pretty sure it's to copy a forensic image of the local C: drive onto the USB drive.
upvoted 0 times
...
Leanora
23 days ago
User2: No, I believe it's to create a file on the USB drive that contains a listing of the C: drive.
upvoted 0 times
...
Nickole
1 months ago
User1: I think it's to show hidden and archived files on the C: drive and copy them to the USB drive.
upvoted 0 times
...
...

Save Cancel