An IT security analyst at a financial institution has been tasked to inspect a suspected compromised workstation after several employees reported unusual activity. The analyst needs to verify if a keylogger software is installed on the system. Which of the following actions is MOST effective in determining the presence of keylogging software on the workstation?
Ensure that the operating system and security software are up to date with the latest patches.
Review the list of running processes and installed programs on the system.
Check for unusual file permissions on critical system files and directories.
Examine outbound network traffic for transmission of sensitive data to unauthorized destinations.