Volatile memory is one of the leading problems for forensics. Worms such as Code Red are memory resident and do not write themselves to the hard drive; if you turn the system off, they disappear. In a lab environment, which of the following options would you suggest as the most appropriate to overcome the problem of capturing volatile memory?
A) Use VMware to be able to capture the data in memory and examine it
B) Give the Operating System a minimal amount of memory, forcing it to use a swap file
C) Create a Separate partition of several hundred megabytes and place the swap file there
D) Use intrusion forensic techniques to study memory resident infections