The correct answer is D because credential dumping tools are specifically designed to collect authentication material such as passwords, password hashes, cached credentials, and Kerberos tickets from a compromised Windows endpoint. In CEH System Hacking concepts, attackers attempt to obtain credentials after gaining access so they can escalate privileges, perform pass-the-hash/pass-the-ticket attacks, or move laterally. Windows stores authentication-related data in locations such as the SAM database and also keeps useful credential material in memory while users are logged in. The CEH-aligned guide notes that Windows stores authentication credentials as password hashes in the SAM file, and that tools can steal hashes from memory or extract passwords/hashes/Kerberos tickets using tools such as Mimikatz. Therefore, the asset being targeted is not the network, logs, or service availability. Logs would be targeted by anti-forensics, availability by DoS, and network by sniffing or scanning. Credential dumping directly targets credentials, making option D the best answer.