Exam 312-49v10 topic 1 question 90 discussion

Actual exam question from ECCouncil's 312-49v10
Question #: 90
Topic #: 1

Volatile memory is one of the leading problems for forensics. Worms such as Code Red are memory resident and do write themselves to the hard drive; if you turn the system off they disappear. In a lab environment, which of the following options would you suggest as the most appropriate to overcome the problem of capturing volatile memory?

  • A. Use VMware to be able to capture the data in memory and examine it
  • B. Give the Operating System a minimal amount of memory, forcing it to use a swap file
  • C. Create a Separate partition of several hundred megabytes and place the swap file there
  • D. Use intrusion forensic techniques to study memory resident infections
Suggested Answer: A

Comments

Manzer
7 months, 4 weeks ago
Selected Answer: A
VMware is a virtualization software that can be used to create a virtual machine on a physical host system. By creating a virtual machine, the forensic analyst can install an operating system and software that is identical to the system being investigated. When the system is running, VMware can capture a snapshot of the virtual machine's memory, which can be analyzed later. This method ensures that the volatile memory is captured before it disappears when the system is shut down. It also provides a safe and isolated environment to analyze the data. Options B and C are not recommended as they involve manipulating the system's memory management, which could alter or destroy critical data. The use of swap files can also overwrite important data. Option D may be useful in some situations, but it is not specifically designed for capturing volatile memory. Intrusion forensic techniques focus on identifying and analyzing the steps taken by an attacker to gain access to a system, rather than capturing volatile memory.
upvoted 4 times
davideselvaggi
1 year, 11 months ago
It is C
upvoted 4 times
Community vote distribution: A (35%), C (25%), B (20%), Other