Multiple Choice
An incident responder wants to capture volatile memory comprehensively from a running machine for forensic purposes. The machine is running a very recent release of the Linux OS. Which of the following technical approaches would be the MOST feasible way to accomplish this capture?
A) Run the memdump utility with the -k flag.
B) Use a loadable kernel module capture utility, such as LiME.
C) Run dd on /dev/mem.
D) Employ a stand-alone utility, such as FTK Imager.
Correct Answer: B

Recent Linux kernels are built with CONFIG_STRICT_DEVMEM (and usually lockdown), so /dev/mem only exposes a small range of non-RAM addresses and /dev/kmem is no longer provided; that rules out dd on /dev/mem and the memdump utility, which read through those device nodes. FTK Imager's memory capture is a Windows feature. A loadable kernel module such as LiME runs inside the kernel and can walk every physical RAM range, so it is the feasible way to get a complete image.
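The procedure behind answer B, as an added example that is not part of the original question bank: check whether the running kernel restricts /dev/mem (which is why option C fails), then build LiME against the running kernel and load it with an output path and format, hashing the image afterwards. The LiME checkout location, the evidence mount point and the `acquire` sub-command are assumptions for illustration; `path=` and `format=` are LiME's own module parameters.

```shell
#!/bin/sh
# Added example (not from the original page): volatile memory acquisition on a
# modern Linux host with LiME. Only defines functions unless invoked as:
#   sh acquire.sh acquire /opt/LiME /mnt/evidence/ram.lime
# Both of those paths are assumptions for illustration.

# Returns "yes" if the supplied kernel config text enables CONFIG_STRICT_DEVMEM,
# i.e. reads of RAM through /dev/mem will fail with EPERM, otherwise "no".
strict_devmem_from_config() {
    if printf '%s\n' "$1" | grep -q '^CONFIG_STRICT_DEVMEM=y$'; then
        echo yes
    else
        echo no
    fi
}

# Looks up the running kernel's config from the usual locations and applies the
# check above; prints "unknown" when neither source is readable.
running_kernel_strict_devmem() {
    if [ -r /proc/config.gz ]; then
        strict_devmem_from_config "$(zcat /proc/config.gz)"
    elif [ -r "/boot/config-$(uname -r)" ]; then
        strict_devmem_from_config "$(cat "/boot/config-$(uname -r)")"
    else
        echo unknown
    fi
}

# Builds the module parameter string LiME expects: output path and image format
# (lime, raw or padded). The "lime" format keeps per-range headers that
# Volatility and friends understand.
lime_insmod_args() {
    printf 'path=%s format=%s' "$1" "$2"
}

# Builds LiME against the running kernel headers, loads it (the capture runs in
# the module's init), unloads it, and records a SHA-256 of the image next to it.
# $1 = LiME source checkout, $2 = output file on an external evidence volume.
acquire_with_lime() {
    lime_src=$1
    out=$2
    ( cd "$lime_src/src" && make ) || return 1
    ko="$lime_src/src/lime-$(uname -r).ko"
    [ -f "$ko" ] || return 1
    # insmod joins its arguments into one option string for the kernel.
    insmod "$ko" "$(lime_insmod_args "$out" lime)" || return 1
    rmmod lime
    sha256sum "$out" > "$out.sha256"
}

case "${1:-}" in
    acquire)
        echo "STRICT_DEVMEM in running kernel: $(running_kernel_strict_devmem)"
        acquire_with_lime "$2" "$3"
        ;;
esac
```

Write the image to removable or network storage, never to the host's own disk, so the capture does not overwrite unallocated space you may later want to examine.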