Free Preparation Discussions
MENU
Eccouncil Exam 212-89 Topic 5 Question 73 Discussion
Topic #: 5
Clark is investigating a cybercrime at TechSoft Solutions. While investigating the case,
he needs to collect volatile information such as running services, their process IDs,
startmode, state, and status.
Which of the following commands will help Clark to collect such information from
running services?
WMIC (Windows Management Instrumentation Command-line) is a command-line tool that provides a unified interface for Windows management tasks, including the collection of system information. It allows administrators and forensic investigators to query the live system for information about running services, their process IDs, start modes, states, and statuses, among other data. The use of WMIC is particularly valuable in incident response scenarios for gathering volatile information from a system without having to install additional software, which might alter the state of the system being investigated. By executing specific WMIC commands, Clark can extract detailed information about the services running on a system at the time of the investigation, making it an essential tool for collecting volatile data in a forensically sound manner.
Lynelle
3 months agoSommer
3 months agoRonald
3 months agoGerald
2 months agoCorrie
2 months agoWilford
2 months agoShanda
3 months agoClement
3 months agoMarkus
3 months agoMirta
3 months agoTamesha
3 months agoLauran
3 months agoGayla
3 months agoIsabella
3 months agoGlendora
3 months agoEvette
3 months agoFatima
3 months agoMabel
4 months agoMiss
4 months agoEttie
2 months agoTimothy
3 months agoKizzy
3 months agoCherry
3 months ago