
Question:

Dennis thinks that Windows systems in his organization are being targeted by fileless viruses. If he wants to capture artifacts of their infection process, what options are MOST LIKELY to provide him with a view into what they are doing?

A Turning on PowerShell logging.
Explanation:

Fileless viruses often use PowerShell to perform actions once they have exploited a vulnerability in a browser or browser plug-in to inject themselves into system memory. Dennis' best option from the list provided is to enable PowerShell logging and then review the logs on the systems he believes are infected. Since fileless viruses do not write files to disk, a disk image is unlikely to provide much useful data. Disabling the administrative user will not have an impact, because the compromise occurs inside the account of whichever user is logged in and affected by the malware. Crash dump files could contain artifacts of the fileless virus if the machine crashed while it was active, but unless that occurs they will not hold that information.
