What is the best source of data for analysis of a system that is potentially compromised by a rootkit?

Posted by: Pdfprep Category: 210-250

What is the best source of data for analysis of a system that is potentially compromised by a rootkit?
A. checking for running processes using command line tools on the system
B. using static binaries in a trusted toolset imported to the machine to check running processes
C. reviewing active network connections with netstat or nbtstat
D. taking a forensic image of the machine

Answer: D
