CompTIA CySA+ CS0-002 – Question 077

A security analyst identified some potentially malicious processes after capturing the contents of memory from a machine during incident response. Which of the following procedures is the NEXT step for further investigation?

A. Data carving
B. Timeline construction
C. File cloning
D. Reverse engineering

Correct Answer: D