Question

An incident responder wants to capture volatile memory comprehensively from a running machine for forensic purposes....

An incident responder wants to capture volatile memory comprehensively from a running machine for forensic purposes. The machine is running a very recent release of the Linux OS.
Which of the following technical approaches would be the MOST feasible way to accomplish this capture?
A. Run the memdump utility with the -k flag.
B. Use a loadable kernel module capture utility, such as LiME.
C. Run dd on /dev/mem.
D. Employ a stand-alone utility, such as FTK Imager

✔ Recommended Answer
Answer #1

The correct answer is option (d)

D. Employ a stand-alone utility, such as FTK Imager

REASON:

A will dump all of the kernel memory, but no physical memory.

FTK is also used by the professionals in court.

C will dump all the physical memory, but no kernel memory
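As an added illustration (not part of the question or of the posted answer), these shell functions read the relevant lines of a kernel build configuration to judge whether options B and C are even possible on a given kernel: a kernel built with CONFIG_STRICT_DEVMEM confines /dev/mem to non-RAM ranges, so dd cannot image physical memory, while a loadable-module capture such as LiME needs CONFIG_MODULES and, where CONFIG_MODULE_SIG_FORCE is set, a signed module. The config excerpt is constructed and the function names are assumptions of this example.

```shell
#!/bin/sh
# Constructed excerpt in the format of a kernel .config (unset options
# appear as "# CONFIG_X is not set", exactly as the kernel writes them).
SAMPLE_CONFIG='CONFIG_MODULES=y
CONFIG_MODULE_SIG=y
# CONFIG_MODULE_SIG_FORCE is not set
CONFIG_STRICT_DEVMEM=y
CONFIG_IO_STRICT_DEVMEM=y
CONFIG_PROC_KCORE=y'

# cfg_val CONFIG_TEXT KEY -> prints the value (y, m, ...) or "unset".
cfg_val() {
  v=$(printf '%s\n' "$1" | sed -n "s/^$2=//p")
  if [ -n "$v" ]; then printf '%s' "$v"; else printf 'unset'; fi
}

# Option C: dd of /dev/mem only reaches all of RAM when the strict
# /dev/mem restriction is compiled out.
devmem_dd_feasible() {
  if [ "$(cfg_val "$1" CONFIG_STRICT_DEVMEM)" = y ]; then
    echo no
  else
    echo yes
  fi
}

# Option B: a LiME-style capture needs module loading; a forced
# signature policy means the module must be signed with a trusted key.
lkm_feasible() {
  if [ "$(cfg_val "$1" CONFIG_MODULES)" != y ]; then
    echo no
  elif [ "$(cfg_val "$1" CONFIG_MODULE_SIG_FORCE)" = y ]; then
    echo yes-signed
  else
    echo yes
  fi
}

# On a live host the same checks run against the running kernel's config:
#   devmem_dd_feasible "$(cat /boot/config-"$(uname -r)")"
#   lkm_feasible "$(cat /boot/config-"$(uname -r)")"
```

On a live system also read /sys/kernel/security/lockdown: in integrity or confidentiality mode the kernel blocks unsigned module loading and /dev/mem access at runtime regardless of these build options.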
