Which of the following would be MOST useful in determining which internal user was the source of
an attack that compromised another computer in its network?

A.
The attacking computer’s audit logs

B.
The firewall’s logs

C.
The domain controller’s logs.

D.
The target computer’s audit logs.