Of the following pieces of digital evidence, which would be collected FIRST from a live system involved in an incident?

A. Event logs from a central repository
B. Directory listing of system files
C. Media in the CD-ROM drive
D. Swap space and page files

Answer: D

Explanation:

Best practices suggest that live response should follow the order of volatility, which means collecting first the data that is changing the most rapidly.

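The order of volatility is:

1. Memory
2. Swap or page file
3. Network status and current / recent network connections
4. Running processes
5. Open files

Of the four options, swap space and page files are the only item that appears in this list, which makes them the most volatile of the choices.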
