Exam EC0-349 topic 1 question 90 discussion

Actual exam question from ECCouncil's EC0-349
Question #: 90
Topic #: 1

Volatile memory is one of the leading problems for forensics. Worms such as Code Red are memory resident and do write themselves to the hard drive; if you turn the system off, they disappear. In a lab environment, which of the following options would you suggest as the most appropriate to overcome the problem of capturing volatile memory?

  • A. Use VMware to be able to capture the data in memory and examine it
  • B. Give the Operating System a minimal amount of memory, forcing it to use a swap file
  • C. Create a Separate partition of several hundred megabytes and place the swap file there
  • D. Use intrusion forensic techniques to study memory resident infections
Suggested Answer: C

Comments

AZERTY123
5 years, 2 months ago
This should be A, as you can just copy over the VM memory file after hibernation. Where the swap file is a guess, as you don't know how much memory the virus will use.
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), Other