ExamTopics Logo
Mail Us[email protected]
Menu
Giac Discussions
exam questions

Exam GCFA All Questions

View all questions & answers for the GCFA exam
Go to Exam

Exam GCFA topic 1 question 15 discussion

Actual exam question from GIAC's GCFA
Question #: 15
Topic #: 1
[All GCFA Questions]

Peter works as a Technical Representative in a CSIRT for SecureEnet Inc. His team is called to investigate the computer of an employee, who is suspected for classified data theft. Suspect's computer runs on Windows operating system. Peter wants to collect data and evidences for further analysis. He knows that in
Windows operating system, the data is searched in pre-defined steps for proper and efficient analysis. Which of the following is the correct order for searching data on a Windows based system?

  • A. Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces
  • B. Volatile data, file slack, registry, system state backup, internet traces, file system, memory dumps
  • C. Volatile data, file slack, internet traces, registry, memory dumps, system state backup, file system
  • D. Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by lidefefu at April 5, 2025, 5:53 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
1913a4b
3 months ago
Selected Answer: A
A is correct
upvoted 1 times
...
Jonesq
6 months, 3 weeks ago
Selected Answer: A
I think A
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel