An investigator is tasked with analyzing metadata from a suspected MAC system in a case of data theft. They have decided to parse the Spotlight database file, store.db. Which of the following tools and steps would be most effective for obtaining recently accessed file details from this MacOS system?

A. Running the spotlight_parser Python script on the store.db file to extract file metadata

B. Using the OS X Auditor to hash artifacts on the running system

C. Implementing the Stellar Data Recovery Professional for Mac to recover lost or deleted data

D. Utilizing Memoryze for the Mac to analyze the memory images of the Mac machine








 

Suggested Answer: A

Community Answer: A



This question is in 312-49V10 EC-Council Computer Hacking Forensic Investigator (CHFI) v10 Exam
For getting EC-Council Computer Hacking Forensic Investigator (CHFI) Certificate







Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by EC-Council. 
Trademarks, certification & product names are used for reference only and belong to EC-Council.
The website does not contain actual questions and answers from EC-Council's Certification Exams.