The security team obtains the laptop and begins to investigate, noting the following:

(@pochethurman)

Ann, a user, reports to the security team that her browser began redirecting her to random sites while using her Windows laptop. Ann further reports that the OS shows the C: drive is out of space despite having plenty of space recently. Ann claims she has not downloaded anything.

The security team obtains the laptop and begins to investigate, noting the following:

✑ File access auditing is turned off.

✑ When clearing up disk space to make the laptop functional, files that appear to be cached web pages are immediately created in a temporary directory, filling up the available drive space.

✑ All processes running appear to be legitimate processes for this user and machine.

✑ Network traffic spikes when the space is cleared on the laptop.

✑ No browser is open.

Which of the following initial actions and tools would provide the BEST approach to determining what is happening?

  • A. Delete the temporary files, run an Nmap scan, and utilize Burp Suite.
  • B. Disable the network connection, check Sysinternals Process Explorer, and review netstat output.
  • C. Perform a hard power down of the laptop, take a dd image, and analyze with FT
  • E. Review logins to the laptop, search Windows Event Viewer, and review Wireshark captures.

Suggested Answer: B

   