Eccouncil Exam 212-89 Topic 3 Question 75 Discussion

Actual exam question for Eccouncil's 212-89 exam

Question #: 75
Topic #: 3

[All 212-89 Questions]

Clark is investigating a cybercrime at TechSoft Solutions. While investigating the case,

he needs to collect volatile information such as running services, their process IDs,

startmode, state, and status.

Which of the following commands will help Clark to collect such information from

running services?

AOpenfiles

Bnetstat --ab

Cwmic

Dnet file

Show Suggested Answer

Suggested Answer: C

WMIC (Windows Management Instrumentation Command-line) is a command-line tool that provides a unified interface for Windows management tasks, including the collection of system information. It allows administrators and forensic investigators to query the live system for information about running services, their process IDs, start modes, states, and statuses, among other data. The use of WMIC is particularly valuable in incident response scenarios for gathering volatile information from a system without having to install additional software, which might alter the state of the system being investigated. By executing specific WMIC commands, Clark can extract detailed information about the services running on a system at the time of the investigation, making it an essential tool for collecting volatile data in a forensically sound manner.

by Junita at Jan 28, 2025, 01:49 PM

Limited Time Offer

25%

Off

Get Premium 212-89 Questions as Interactive Web-Based Practice Test or PDF