An investigator is studying a suspicious Windows service discovered on a corporate system that seems to be associated with malware. The service has a name similar to a genuine Windows service, runs as a SYSTEM account, and exhibits potentially harmful behavior. Which tool and method should the investigator use to study the service's behavior without allowing it to inflict more damage?

A. Deploy Autoruns for Windows to check if the suspicious service is configured to run at system bootup

B. Inspect the startup folder for the presence of the suspicious service using command prompt commands

C. Use SrvMan to stop the suspicious service and analyze its impact on the system

D. Utilize the Windows Service Manager to create an identical service and study its behavior








 

Suggested Answer: A

Community Answer: A



This question is in 312-49V10 EC-Council Computer Hacking Forensic Investigator (CHFI) v10 Exam
For getting EC-Council Computer Hacking Forensic Investigator (CHFI) Certificate







Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by EC-Council. 
Trademarks, certification & product names are used for reference only and belong to EC-Council.
The website does not contain actual questions and answers from EC-Council's Certification Exams.