Final answer:
To trace a cryptocurrency transaction after a ransomware attack, a forensics company would review the public ledger. This ledger contains detailed records of all transactions that can be used to trace the funds.
Step-by-step explanation:
After a ransomware attack, when a forensics company needs to review a cryptocurrency transaction between the victim and the attacker, they will most likely review A. The public ledger. This ledger is a record of all transactions made with the cryptocurrency in question, which is maintained across several computers that are part of the cryptocurrency's network. Each transaction includes the wallet addresses of the sender and receiver, the amount of cryptocurrency transferred, and a timestamp. Although these addresses are often pseudonymous, with additional information or context, they can sometimes be traced back to real-world entities. The public nature of the ledger allows anyone to view these transactions, making it possible to trace this transaction and potentially identify the wallet used by the attacker.