Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

GIAC Exam GCIA Topic 6 Question 44 Discussion

Actual exam question for GIAC's GCIA exam
Question #: 44
Topic #: 6
[All GCIA Questions]

Peter works as a Technical Representative in a CSIRT for SecureEnet Inc. His team is called to investigate the computer of an employee, who is suspected for classified data theft. Suspect's computer runs on Windows operating system. Peter wants to collect data and evidences for further analysis. He knows that in Windows operating system, the data is searched in pre-defined steps for proper and efficient analysis. Which of the following is the correct order for searching data on a Windows based system?

Show Suggested Answer Hide Answer
Suggested Answer: B

by Marge at Apr 29, 2024, 08:12 AM

Limited Time Offer

25%

Off

Get Premium GCIA Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Fabiola
3 months ago
Wait, is 'interne t' a new type of trace I'm not familiar with? Maybe it's a typo, or a secret government thing. *strokes chin thoughtfully*
upvoted 0 times
Dwight
2 months ago
User 3: Let's focus on the correct order for searching data on a Windows system.
upvoted 0 times
...
Chaya
2 months ago
User 2: Yeah, it's probably supposed to be 'internet traces'.
upvoted 0 times
...
Ryann
2 months ago
User 1: I think 'interne t' is just a typo.
upvoted 0 times
...
...
Lavina
3 months ago
Hmm, I remember something about the registry being important, but where does it fit in the order? This is tricky.
upvoted 0 times
Jestine
2 months ago
B) Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces
upvoted 0 times
...
Helga
2 months ago
The registry is important for sure, it comes after file slack and before memory dumps.
upvoted 0 times
...
Levi
2 months ago
A) Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces
upvoted 0 times
...
...
Tony
3 months ago
Whoa, this is like a treasure hunt for digital evidence! I hope Peter's got his detective hat on.
upvoted 0 times
Jamika
2 months ago
C) Volatile data, file slack, internet traces, registry, memory dumps, system state backup, file system
upvoted 0 times
...
Tasia
3 months ago
B) Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces
upvoted 0 times
...
Dorthy
3 months ago
A) Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces
upvoted 0 times
...
...
Judy
4 months ago
Okay, let's think this through step-by-step. Volatile data first, then file slack, and the rest... hmm, I better double-check my notes.
upvoted 0 times
Phuong
2 months ago
D) Volatile data, file slack, registry, system state backup, internet traces, file system, memory dumps
upvoted 0 times
...
Valentine
3 months ago
C) Volatile data, file slack, internet traces, registry, memory dumps, system state backup, file system
upvoted 0 times
...
Rosendo
3 months ago
B) Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces
upvoted 0 times
...
Avery
3 months ago
A) Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces
upvoted 0 times
...
...
Ria
4 months ago
Ah, the old Windows forensics dance! This question is a classic. Let's see what the experts have to say.
upvoted 0 times
Ceola
3 months ago
B) Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces
upvoted 0 times
...
Coral
3 months ago
A) Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces
upvoted 0 times
...
...
Clarence
4 months ago
I agree with Denise, A) seems to be the most logical order for searching data on a Windows based system.
upvoted 0 times
...
Dudley
4 months ago
I disagree, I believe the correct order is B) Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces.
upvoted 0 times
...
Denise
4 months ago
I think the correct order is A) Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces.
upvoted 0 times
...
Ira
4 months ago
I agree with Dominque, A) seems to be the most logical order for searching data on a Windows based system.
upvoted 0 times
...
Wava
4 months ago
I disagree, I believe the correct order is B) Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces.
upvoted 0 times
...
Dominque
4 months ago
I think the correct order is A) Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces.
upvoted 0 times
...

Save Cancel