What is the best source of data for analysis of a system that is potentially compromised by a rootkit?

A. checking for running processes using command line tools on the system
B. using static binaries in a trusted toolset imported to the machine to check running processes
C. reviewing active network connections with netstat or nbtstat
D. taking a forensic image of the machine
