which of the following helps to determine when the system became infected?

A forensic analyst receives a hard drive containing malware quarantined by the antivirus
application. After creating an image and determining the directory location of the malware file,
which of the following helps to determine when the system became infected?

A forensic analyst receives a hard drive containing malware quarantined by the antivirus
application. After creating an image and determining the directory location of the malware file,
which of the following helps to determine when the system became infected?

A.
The malware file’s modify, access, change time properties.

B.
The timeline analysis of the file system.

C.
The time stamp of the malware in the swap file.

D.
The date/time stamp of the malware detection in the antivirus logs.



Leave a Reply 0

Your email address will not be published. Required fields are marked *