212-89 Exam Dumps : EC Council Certified Incident Handler (ECIH v3)

The correct sequence of steps involved in forensic readiness planning, based on the activities described, is as follows:

Identify the potential evidence required for an incident.

Determine the source of the evidence.

Define a policy that determines the pathway to legally extract electronic evidence with minimal disruption.

Establish a policy for securely handling and storing the collected evidence.

Identify if the incident requires full or formal investigation.

Train the staff to handle the incident and preserve the evidence.

Create a special process for documenting the procedure.

The Volatility framework is a widely used tool for analyzing volatile memory (RAM) dumps. It is especially useful in digital forensics and malware analysis. One of the fundamental tasks in memory analysis is to list the processes that were running on the system at the time the memory dump was taken. Thepslistcommand in the Volatility framework serves this purpose by listing all processes from the process list in memory, which can provide valuable insights into what was happening on the system, including the presence of any malicious processes.

The syntax provided in the answer option corresponds to the usage of thepslistcommand with the Volatility tool, specifying the memory dump file to be analyzed (-f /root/Desktop/memdump.mem) and the profile of the system from which the dump was taken (--profile=Win2008SP1x86). This information is crucial for accurate analysis, as the profile helps Volatility interpret the memory structures correctly.

MxToolbox is a comprehensive tool designed for analyzing email headers and diagnosing various email delivery issues. When Francis received a spoofed email asking for his bank information, using MxToolbox to analyze the email headers would be appropriate. This tool helps in examining the source of the email, tracking the email's path across the internet from the sender to the receiver, and identifying any signs of email spoofing or malicious activity. It provides detailed information about the email servers encountered along the way and can help in verifying the authenticity of the email sender. Other options like EventLog Analyzer, Email Checker, and PoliteMail are tools used for different purposes such as analyzing system event logs, checking email address validity, and managing email communications, respectively, and do not specifically focus on analyzing email headers to the extent required for investigating a spoofed email incident.