Posted by: Pdfprep
Post Date: March 18, 2021
During an investigation, a security analyst identified machines that are infected with malware the antivirus was unable to detect.
Which of the following is the BEST place to acquire evidence to perform data carving?
A . The system memory
B . The hard drive
C . Network packets
D . The Windows Registry
Answer: A
Explanation:
Reference:
https://resources.infosecinstitute.com/memory-forensics/#gref
https://www.computerhope.com/jargon/d/data-carving.htm
Leave a Reply