PdfPrep.com

Which of the following is the BEST place to acquire evidence to perform data carving?

Pdfprep

During an investigation, a security analyst identified machines that are infected with malware the antivirus was unable to detect.

Which of the following is the BEST place to acquire evidence to perform data carving?
A . The system memory
B . The hard drive
C . Network packets
D . The Windows Registry

Answer: A

Explanation:

Reference:

https://resources.infosecinstitute.com/memory-forensics/#gref

https://www.computerhope.com/jargon/d/data-carving.htm

Exit mobile version