Free Preparation Discussions
MENU
Eccouncil Exam 212-89 Topic 5 Question 73 Discussion
Topic #: 5
Clark is investigating a cybercrime at TechSoft Solutions. While investigating the case,
he needs to collect volatile information such as running services, their process IDs,
startmode, state, and status.
Which of the following commands will help Clark to collect such information from
running services?
WMIC (Windows Management Instrumentation Command-line) is a command-line tool that provides a unified interface for Windows management tasks, including the collection of system information. It allows administrators and forensic investigators to query the live system for information about running services, their process IDs, start modes, states, and statuses, among other data. The use of WMIC is particularly valuable in incident response scenarios for gathering volatile information from a system without having to install additional software, which might alter the state of the system being investigated. By executing specific WMIC commands, Clark can extract detailed information about the services running on a system at the time of the investigation, making it an essential tool for collecting volatile data in a forensically sound manner.
Lynelle
12 days agoSommer
13 days agoRonald
15 days agoWilford
2 days agoShanda
3 days agoClement
17 days agoMarkus
19 days agoMirta
25 days agoTamesha
9 days agoLauran
12 days agoGayla
27 days agoIsabella
4 days agoGlendora
7 days agoEvette
9 days agoFatima
21 days agoMabel
1 months agoMiss
1 months agoEttie
2 days agoTimothy
6 days agoKizzy
15 days agoCherry
21 days ago