A security analyst identified some potentially malicious processes after capturing the contents of memory from a machine during incident response. Which of the following procedures is the NEXT step for further investigation?

A. Data carving
B. Timeline construction
C. File cloning
D. Reverse engineering