A forensic analyst receives a hard drive containing malware quarantined by the antivirus application. After creating an image and determining the directory location of the malware file, which of the following helps to determine when the system became infected?

Posted by: Pdfprep Category: CAS-002 Tags: , ,

A forensic analyst receives a hard drive containing malware quarantined by the antivirus application. After creating an image and determining the directory location of the malware file, which of the following helps to determine when the system became infected?
A . The malware file’s modify, access, change time properties.
B . The timeline analysis of the file system.
C . The time stamp of the malware in the swap file.
D . The date/time stamp of the malware detection in the antivirus logs.

Answer: B

Leave a Reply

Your email address will not be published.