Are you studying for the CEH certification?
Skillset can help you prepare! Sign up for your free Skillset account and take the first steps towards your certification.
Skillset can help you prepare! Sign up for your free Skillset account and take the first steps towards your certification.
In terms of Order of Volatility (OOV) for forensic investigation, which of the following needs to be investigated first?
Optical drive
USB
OOV does not distinguish between these types of storage
Hard drive
The correct answer in would be A. These fall into the broad category of 'disk', since they are none of the other options provided.
2.1 Order of Volatility
When collecting evidence you should proceed from the volatile to the less volatile. Here is an example order of volatility for a typical system.
- registers, cache
- routing table, arp cache, process table, kernel statistics,
memory
- temporary file systems
- disk
- remote logging and monitoring data that is relevant to the
system in question
- physical configuration, network topology
- archival media
Train with Skillset and pass your certification exam. Faster. Guaranteed.
Study thousands of practice questions that organized by skills and ranked by difficulty.
Create a tailored training plan based on the knowledge you already possess.
Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.