GIAC GCIA Exam - Topic 6 Question 44 Discussion

Actual exam question for GIAC's GCIA exam

Question #: 44
Topic #: 6

Peter works as a Technical Representative in a CSIRT for SecureEnet Inc. His team is called to investigate the computer of an employee, who is suspected for classified data theft. Suspect's computer runs on Windows operating system. Peter wants to collect data and evidences for further analysis. He knows that in Windows operating system, the data is searched in pre-defined steps for proper and efficient analysis. Which of the following is the correct order for searching data on a Windows based system?

AVolatile data, file slack, registry, memory dumps, file system, system state backup, interne t traces

BVolatile data, file slack, file system, registry, memory dumps, system state backup, interne t traces

CVolatile data, file slack, internet traces, registry, memory dumps, system state backup, file system

DVolatile data, file slack, registry, system state backup, internet traces, file system, memory dumps

Show Suggested Answer

Suggested Answer: B

by Marge at Apr 29, 2024, 08:12 AM

Limited Time Offer

25%

Off

Get Premium GCIA Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Glynda

6 months ago

Not sure about this, but I thought internet traces come before file system.

upvoted 0 times

...

Elli

6 months ago

Totally agree with B! It’s the standard order.

upvoted 0 times

...

Mayra

6 months ago

Wait, why is file system after memory dumps in D? That doesn’t seem right.

upvoted 0 times

...

Hester

7 months ago

I think C is the best choice.

upvoted 0 times

...

Veronika

7 months ago

Option B seems right to me.

upvoted 0 times

...

Zachary

7 months ago

I definitely remember that internet traces are usually one of the last things to check, but I’m torn between a couple of options here.

upvoted 0 times

...

Dallas

7 months ago

I feel like the registry should come before memory dumps, but I’m not completely confident about that.

upvoted 0 times

...

Barbra

8 months ago

I think I practiced a similar question where we had to prioritize volatile data and file slack, but I can't recall the rest of the sequence.

upvoted 0 times

...

Erick

8 months ago

I remember we discussed the importance of volatile data first, but I’m not sure about the exact order after that.

upvoted 0 times

...

Xuan

8 months ago

Whoa, this is a tricky one. There are a lot of different data sources to consider, and I'm not 100% sure of the proper order. I'll have to review my notes and try to reason through the best approach.

upvoted 0 times

...

Brandon

8 months ago

Okay, I think I've got this. The key is to start with the most volatile data first, then move through the different storage locations in a logical order. I'm pretty sure I can nail this one.

upvoted 0 times

...

Arlette

8 months ago

Hmm, I'm a bit unsure about this one. The order of steps seems important, but I'm not totally confident I know the right sequence. I'll have to think it through carefully.

upvoted 0 times

...

Carmela

8 months ago

This seems like a straightforward question on the proper order for searching data on a Windows system. I'll need to carefully review the options and think through the logical sequence.

upvoted 0 times

...

Jeannetta

8 months ago

I'm confident that the correct answer is B. The outcome depends on how the automation is configured.

upvoted 0 times

...

Lashawn

8 months ago

This is a good question to test our knowledge of Oracle Solaris 11 installation methods. I'm confident I can identify the three correct options that allow for a fully automated, hands-off installation process.

upvoted 0 times

...

Fabiola

1 year ago

Wait, is 'interne t' a new type of trace I'm not familiar with? Maybe it's a typo, or a secret government thing. *strokes chin thoughtfully*

upvoted 0 times

Dwight

11 months ago

User 3: Let's focus on the correct order for searching data on a Windows system.

upvoted 0 times

...

Chaya

12 months ago

User 2: Yeah, it's probably supposed to be 'internet traces'.

upvoted 0 times

...

Ryann

1 year ago

User 1: I think 'interne t' is just a typo.

upvoted 0 times

...

Lavina

1 year ago

Hmm, I remember something about the registry being important, but where does it fit in the order? This is tricky.

upvoted 0 times

Jestine

11 months ago

B) Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces

upvoted 0 times

...

Helga

12 months ago

The registry is important for sure, it comes after file slack and before memory dumps.

upvoted 0 times

...

Levi

12 months ago

A) Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces

upvoted 0 times

...

Tony

1 year ago

Whoa, this is like a treasure hunt for digital evidence! I hope Peter's got his detective hat on.

upvoted 0 times

Jamika

12 months ago

C) Volatile data, file slack, internet traces, registry, memory dumps, system state backup, file system

upvoted 0 times

...

Tasia

1 year ago

B) Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces

upvoted 0 times

...

Dorthy

1 year ago

A) Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces

upvoted 0 times

...

Judy

1 year ago

Okay, let's think this through step-by-step. Volatile data first, then file slack, and the rest... hmm, I better double-check my notes.

upvoted 0 times

Phuong

12 months ago

D) Volatile data, file slack, registry, system state backup, internet traces, file system, memory dumps

upvoted 0 times

...

Valentine

1 year ago

C) Volatile data, file slack, internet traces, registry, memory dumps, system state backup, file system

upvoted 0 times

...

Rosendo

1 year ago

B) Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces

upvoted 0 times

...

Avery

1 year ago

A) Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces

upvoted 0 times

...

Ria

1 year ago

Ah, the old Windows forensics dance! This question is a classic. Let's see what the experts have to say.

upvoted 0 times

Ceola

1 year ago

B) Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces

upvoted 0 times

...

Coral

1 year ago

A) Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces

upvoted 0 times

...

Clarence

1 year ago

I agree with Denise, A) seems to be the most logical order for searching data on a Windows based system.

upvoted 0 times

...

Dudley

1 year ago

I disagree, I believe the correct order is B) Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces.

upvoted 0 times

...

Denise

1 year ago

I think the correct order is A) Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces.

upvoted 0 times

...

Ira

1 year ago

I agree with Dominque, A) seems to be the most logical order for searching data on a Windows based system.

upvoted 0 times

...

Wava

1 year ago

I disagree, I believe the correct order is B) Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces.

upvoted 0 times

...

Dominque

1 year ago

I think the correct order is A) Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces.

upvoted 0 times

...