An employee has been accused of carrying out a crime from his corporate desktop PC. You have been asked to capture the current state of the PC, including all of its contents, according to proper forensic rules. When you locate the PC, it is turned off. What is the order of capture for this system?
A. hard drive, BIOS settings, external media
B. RAM, hard drive, external media
C. RAM, external media, hard drive
D. hard drive, external media, BIOS settings
A
Explanation: You should capture the forensic data in the following order: hard drive, BIOS settings, and external media.
RAM content would only be important if the PC was still running when you located it.
You might also like to view...
What is one of the disadvantages of a peer-to-peer network compared to a server-based network?
A. more difficult to setup and install B. more expensive C. higher administration costs D. limited security
A(n) _____ is a network attack in which an intruder gains access to a network and stays undetected with the intention of stealing data.
a. advanced persistent threat b. vishing scam c. identity threat d. data breach