Joe a user upon arriving to work on Monday morning noticed several files were deleted from the
system. There were no records of any scheduled network outages or upgrades to the system. Joe
notifies the security department of the anomaly found and removes the system from the network.
Which of the following is the NEXT action that Joe should perform?
A.
Screenshots of systems
B.
Call the local police
C.
Perform a backup
D.
Capture system image
D.
Capturing system image takes first priority over screenshots
Capturing an image of the operating system in its exploited state can be helpful in revisiting the issue after the fact to learn more about it. Very much as helpful in same way that a virus sample is kept in laboratories to study later after a breakout. Also you should act in the order of volatility which states that the system image capture is first on the list of a forensic analysis.
Capturing an image of the system is the process of making an exact copy of the contents of the hard drive in the system.
According to the CompTIA book, capture system image is step 1. So the answer is D.
answer is A
Joe is user not a security specialist
He disconnected the machine from the network tho. Also, as it previously talked with the Sec dept it is likely that he was given the appropriate instructions.
D is the correct answer.
User doesn’t have permission to image the system. Only effort he can do is screen shot
When you don’t read the question fully and get shown up #rekt