Employees report computer system crashes within the same week.
An analyst is investigating one of the computers that crashed and discovers multiple shortcuts in the system's startup folder.
It appears that the shortcuts redirect users to malicious URLs.
What is the next step the engineer should take to investigate this case?
Correct answer: C
The engineer's next step in investigating the system crashes is to identify the affected systems (Option C).
By identifying the affected systems, the engineer can determine the scope of the issue and prevent further damage. The engineer should first disconnect the affected system from the network to prevent further compromise and then investigate all other systems to see if they are affected.
After identifying the affected systems, the engineer should investigate the malicious URLs (Option D) to determine the extent of the threat and the type of malware that may have been installed on the systems. The engineer should gather as much information as possible about the malware, including its behavior and capabilities, and use this information to determine the best course of action.
Before removing the shortcut files (Option A), the engineer should first determine the full extent of the issue and ensure that all affected systems have been identified and secured. Removing the shortcut files too early could result in further compromise of the systems.
Checking the audit logs (Option B) is also an important step, but it should be done after the affected systems have been identified and secured. The audit logs may provide valuable information about the source of the attack and the actions taken by the attacker, but they should not be the first step in the investigation.
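The scoping step described above (identifying which systems carry URL-bearing shortcuts in their startup folders) can be sketched as follows. This is an added example, not part of the original question; the host names, file names, and the `redirect.example` URL are constructed sample data, and the byte scan is a triage heuristic rather than a full `.lnk` parser.

```python
import re
from collections import defaultdict

# Shortcut files store strings as ASCII (.url, some .lnk fields) or UTF-16LE (.lnk),
# so look for http(s) URLs in both encodings. Heuristic byte scan, not a full LNK parser.
_ASCII_URL = re.compile(rb"https?://[\x21-\x7e]{4,}", re.I)
_UTF16_URL = re.compile(
    rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:[\x21-\x7e]\x00){4,}", re.I)

def urls_in_shortcut(data: bytes) -> set:
    """Return every http(s) URL embedded in the raw bytes of a .lnk or .url file."""
    found = {m.group().decode("ascii") for m in _ASCII_URL.finditer(data)}
    found |= {m.group().decode("utf-16-le") for m in _UTF16_URL.finditer(data)}
    return {u.rstrip("\"'") for u in found}

def affected_hosts(collected: dict) -> dict:
    """collected: host -> {startup file name: bytes}. Returns host -> {file: URLs},
    listing only hosts that have at least one URL-bearing startup shortcut."""
    report = {}
    for host, files in collected.items():
        hits = {name: urls_in_shortcut(data) for name, data in files.items()}
        hits = {name: urls for name, urls in hits.items() if urls}
        if hits:
            report[host] = hits
    return report

def hosts_by_url(report: dict) -> dict:
    """Pivot the report to URL -> hosts, which shows how far each indicator has spread."""
    spread = defaultdict(set)
    for host, files in report.items():
        for urls in files.values():
            for url in urls:
                spread[url].add(host)
    return dict(spread)

# Constructed sample data: three hosts' startup folders, as collected for triage.
_BENIGN = b"L\x00\x00\x00" + "C:\\Program Files\\App\\app.exe".encode("utf-16-le")
SAMPLE = {
    "WS-014": {"Updater.lnk": b"L\x00\x00\x00"
               + "explorer.exe http://redirect.example/landing".encode("utf-16-le"),
               "App.lnk": _BENIGN},
    "WS-022": {"Invoice.url": b"[InternetShortcut]\r\nURL=http://redirect.example/landing\r\n"},
    "WS-031": {"App.lnk": _BENIGN},
}

if __name__ == "__main__":
    for url, hosts in hosts_by_url(affected_hosts(SAMPLE)).items():
        print(url, "->", sorted(hosts))
```

The per-host report gives the list of systems to isolate, and the URL pivot gives the indicators to carry into the next step of the investigation.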