GIAC Exam GCED Topic 8 Question 60 Discussion

Actual exam question for GIAC's GCED exam

Question #: 60
Topic #: 8

[All GCED Questions]

At the start of an investigation on a Windows system, the lead handler executes the following commands after inserting a USB drive. What is the purpose of this command? C:\ >dir / s / a dhsra d: \ > a: \ IRCD.txt

ATo create a file on the USB drive that contains a listing of the C: drive

BTo show hidden and archived files on the C: drive and copy them to the USB drive

CTo copy a forensic image of the local C: drive onto the USB drive

DTo compare a list of known good hashes on the USB drive to files on the local C: drive

Show Suggested Answer

Suggested Answer: E

After selecting ''fix it!'' with Hijack This you can always restore deleted items, because Hijack This keeps a backup of them.

by Paola at Mar 03, 2025, 07:19 PM

Limited Time Offer

25%

Off

Get Premium GCED Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Keena

1 months ago

Wait, is this a trick question? I mean, who even uses a: drives anymore? That's like, so 90s. I bet the real answer is to launch a secret missile strike on the C: drive. Just kidding, of course, but seriously, a: drives?

upvoted 0 times

Xenia

7 days ago

User 2: That could be it. Or maybe it's to create a file on the USB drive that contains a listing of the C: drive.

upvoted 0 times

...

Pearlene

12 days ago

User 1: Maybe it's to show hidden and archived files on the C: drive and copy them to the USB drive.

upvoted 0 times

...

Ilene

1 months ago

You're all wrong, it's clearly about comparing the files on the C: drive to a list of known good hashes on the USB drive. Gotta make sure nothing's been tampered with, you know?

upvoted 0 times

Dorothy

3 days ago

You're mistaken, it's to copy a forensic image of the local C: drive onto the USB drive.

upvoted 0 times

...

Barrie

5 days ago

No, I believe it's to show hidden and archived files on the C: drive and copy them to the USB drive.

upvoted 0 times

...

Leota

18 days ago

I think it's actually to create a file on the USB drive that contains a listing of the C: drive.

upvoted 0 times

...

Lavonna

2 months ago

Come on, guys, it's obvious this is about creating a forensic image of the C: drive onto the USB drive. That's the proper way to start an investigation, right? Get that data safely preserved before digging in.

upvoted 0 times

Ben

17 days ago

No, creating a forensic image is the first step to ensure the integrity of the investigation.

upvoted 0 times

...

Paola

19 days ago

But what about showing hidden and archived files? Wouldn't that be important too?

upvoted 0 times

...

Frank

20 days ago

I think you're right, creating a forensic image is crucial for preserving the data.

upvoted 0 times

...

Dacia

2 months ago

Nah, I don't think that's it. The command seems to be checking for hidden and archived files on the C: drive and copying them to the USB drive. Gotta love those hidden files, they could hold the key to the whole investigation!

upvoted 0 times

Blossom

7 days ago

Hidden files can definitely be crucial in an investigation.

upvoted 0 times

...

Rodolfo

17 days ago

I think you're right, it's all about finding those hidden files.

upvoted 0 times

...

Kanisha

2 months ago

I think the purpose of this command is to create a file on the USB drive that contains a directory listing of the C: drive. It's a basic way to gather some initial information about the system.

upvoted 0 times