An analyst needs to forensically examine a Windows machine that was compromised by a threat actor. Intelligence reports state this specific threat actor is characterized by hiding malicious artifacts, especially with alternate data streams. Based on this intelligence, which of the following BEST explains alternate data streams?
A. A different way data can be streamlined if the user wants to use less memory on a Windows system for forking resources
B. A way to store data on an external drive attached to a Windows machine that is not readily accessible to users
C. A Windows attribute that provides for forking resources and is potentially used to hide the presence of secret or malicious files inside the file records of a benign file
D. A Windows attribute that can be used by attackers to hide malicious files within system memory
Answer: D. A Windows attribute that can be used by attackers to hide malicious files within system memory
You might also like to view...
The Python module _______ is used to encrypt and decrypt messages.
a) encrypt. b) cipher. c) rotor. d) None of the above.
Why should redundant networks be implemented in many enterprise environments?
What will be an ideal response?
The ____ operator eliminates duplicate values in the results of a query.
A. UNIQUE B. NO DUPLICATE C. DISTINCT D. UNIQUE VALUES
When you create a query, you should follow some general guidelines for query design. What are these six guidelines?
What will be an ideal response?