GIAC GCIA Exam - Topic 6 Question 44 Discussion

Actual exam question for GIAC's GCIA exam

Question #: 44
Topic #: 6

[All GCIA Questions]

Peter works as a Technical Representative in a CSIRT for SecureEnet Inc. His team is called to investigate the computer of an employee, who is suspected for classified data theft. Suspect's computer runs on Windows operating system. Peter wants to collect data and evidences for further analysis. He knows that in Windows operating system, the data is searched in pre-defined steps for proper and efficient analysis. Which of the following is the correct order for searching data on a Windows based system?

AVolatile data, file slack, registry, memory dumps, file system, system state backup, interne t traces

BVolatile data, file slack, file system, registry, memory dumps, system state backup, interne t traces

CVolatile data, file slack, internet traces, registry, memory dumps, system state backup, file system

DVolatile data, file slack, registry, system state backup, internet traces, file system, memory dumps

Show Suggested Answer

Suggested Answer: B

by Marge at Apr 29, 2024, 08:12 AM

Limited Time Offer

25%

Off

Get Premium GCIA Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Glynda

3 months ago

Not sure about this, but I thought internet traces come before file system.

upvoted 0 times

...

Elli

3 months ago

Totally agree with B! It’s the standard order.

upvoted 0 times

...

Mayra

3 months ago

Wait, why is file system after memory dumps in D? That doesn’t seem right.

upvoted 0 times

...

Hester

4 months ago

I think C is the best choice.

upvoted 0 times

...

Veronika

4 months ago

Option B seems right to me.

upvoted 0 times

...

Zachary

4 months ago

I definitely remember that internet traces are usually one of the last things to check, but I’m torn between a couple of options here.

upvoted 0 times

...

Dallas

4 months ago

I feel like the registry should come before memory dumps, but I’m not completely confident about that.

upvoted 0 times

...

Barbra

4 months ago

I think I practiced a similar question where we had to prioritize volatile data and file slack, but I can't recall the rest of the sequence.

upvoted 0 times

...

Erick

5 months ago

I remember we discussed the importance of volatile data first, but I’m not sure about the exact order after that.

upvoted 0 times

...

Xuan

5 months ago

Whoa, this is a tricky one. There are a lot of different data sources to consider, and I'm not 100% sure of the proper order. I'll have to review my notes and try to reason through the best approach.

upvoted 0 times

...

Brandon

5 months ago

Okay, I think I've got this. The key is to start with the most volatile data first, then move through the different storage locations in a logical order. I'm pretty sure I can nail this one.

upvoted 0 times

...

Arlette

5 months ago

Hmm, I'm a bit unsure about this one. The order of steps seems important, but I'm not totally confident I know the right sequence. I'll have to think it through carefully.

upvoted 0 times

...

Carmela

5 months ago

This seems like a straightforward question on the proper order for searching data on a Windows system. I'll need to carefully review the options and think through the logical sequence.

upvoted 0 times

...

Jeannetta

5 months ago

I'm confident that the correct answer is B. The outcome depends on how the automation is configured.

upvoted 0 times

...

Lashawn

5 months ago

This is a good question to test our knowledge of Oracle Solaris 11 installation methods. I'm confident I can identify the three correct options that allow for a fully automated, hands-off installation process.

upvoted 0 times

...

Fabiola

9 months ago

Wait, is 'interne t' a new type of trace I'm not familiar with? Maybe it's a typo, or a secret government thing. *strokes chin thoughtfully*

upvoted 0 times

Dwight

8 months ago

User 3: Let's focus on the correct order for searching data on a Windows system.

upvoted 0 times

...

Chaya

9 months ago

User 2: Yeah, it's probably supposed to be 'internet traces'.

upvoted 0 times

...

Ryann

9 months ago

User 1: I think 'interne t' is just a typo.

upvoted 0 times

...

Lavina

10 months ago

Hmm, I remember something about the registry being important, but where does it fit in the order? This is tricky.

upvoted 0 times

Jestine

8 months ago

B) Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces

upvoted 0 times

...

Helga

8 months ago

The registry is important for sure, it comes after file slack and before memory dumps.

upvoted 0 times

...

Levi

9 months ago

A) Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces

upvoted 0 times

...

Tony

10 months ago

Whoa, this is like a treasure hunt for digital evidence! I hope Peter's got his detective hat on.

upvoted 0 times

Jamika

9 months ago

C) Volatile data, file slack, internet traces, registry, memory dumps, system state backup, file system

upvoted 0 times

...

Tasia

9 months ago

B) Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces

upvoted 0 times

...

Dorthy

10 months ago

A) Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces

upvoted 0 times

...

Judy

10 months ago

Okay, let's think this through step-by-step. Volatile data first, then file slack, and the rest... hmm, I better double-check my notes.

upvoted 0 times

Phuong

9 months ago

D) Volatile data, file slack, registry, system state backup, internet traces, file system, memory dumps

upvoted 0 times

...

Valentine

9 months ago

C) Volatile data, file slack, internet traces, registry, memory dumps, system state backup, file system

upvoted 0 times

...

Rosendo

10 months ago

B) Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces

upvoted 0 times

...

Avery

10 months ago

A) Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces

upvoted 0 times

...

Ria

10 months ago

Ah, the old Windows forensics dance! This question is a classic. Let's see what the experts have to say.

upvoted 0 times

Ceola

10 months ago

B) Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces

upvoted 0 times

...

Coral

10 months ago

A) Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces

upvoted 0 times

...

Clarence

11 months ago

I agree with Denise, A) seems to be the most logical order for searching data on a Windows based system.

upvoted 0 times

...

Dudley

11 months ago

I disagree, I believe the correct order is B) Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces.

upvoted 0 times

...

Denise

11 months ago

I think the correct order is A) Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces.

upvoted 0 times

...

Ira

11 months ago

I agree with Dominque, A) seems to be the most logical order for searching data on a Windows based system.

upvoted 0 times

...

Wava

11 months ago

I disagree, I believe the correct order is B) Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces.

upvoted 0 times

...

Dominque

11 months ago

I think the correct order is A) Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces.

upvoted 0 times

...