In a scenario where a potential security incident has occurred on a cloud-based service, and an investigator is brought in to examine the system, what type of data acquisition would likely be beneficial in this situation? Also, explain the volatile data type that might be most interesting to the investigator.

A. Live acquisition should be employed to gather dynamic data from the system, concentrating on open files and command history
B. Dead acquisition should be used to collect static data from the system, focusing on slack space and swap files
C. Live acquisition would be advantageous to acquire volatile data, emphasizing data stored on cloud services and unencrypted containers that are open on the system
D. Dead acquisition should be utilized to capture non-volatile data from the physical hard disk, focusing on unallocated drive space

Suggested Answer: C
Community Answer: A

This question is from the 312-49V10 EC-Council Computer Hacking Forensic Investigator (CHFI) v10 exam, for the EC-Council Computer Hacking Forensic Investigator (CHFI) certificate.

Disclaimers: The website is not related to, affiliated with, endorsed or authorized by EC-Council. Trademarks, certification & product names are used for reference only and belong to EC-Council. The website does not contain actual questions and answers from EC-Council's Certification Exams.