An incident responder wants to capture volatile memory comprehensively from a running machine for forensic purposes. The machine is running a very recent release of the Linux OS. Which of the following technical approaches would be the MOST feasible way to accomplish this capture?
A) Run the memdump utility with the -k flag.
B) Use a loadable kernel module capture utility, such as LiME.
C) Run dd on /dev/mem.
D) Employ a stand-alone utility, such as FTK Imager.
Correct Answer: