
Exam 312-49v10 topic 1 question 633 discussion

Actual exam question from ECCouncil's 312-49v10
Question #: 633
Topic #: 1

Jeff is a forensics investigator for a government agency's cyber security office. Jeff is tasked with acquiring a memory dump of a Windows 10 computer that was involved in a DDoS attack on the government agency's web application. Jeff is onsite to collect the memory. What tool could Jeff use?

  • A. Memcheck
  • B. RAMMapper
  • C. Autopsy
  • D. Volatility
Suggested Answer: D

Comments

044f354
1 week ago
Selected Answer: D
None of the dedicated memory acquisition tools are listed. Volatility is the best AVAILABLE option. ECCouncil Official CHFI https://bookshelf.vitalsource.com/reader/books/9781635676969/ Module 06 Page 587 "Volatility Source: https://www.volatilityfoundation.org The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offers visibility into the runtime state of the system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and provide a platform for further work into this exciting area of research." Please UPVOTE
upvoted 1 times
Elb
4 months, 1 week ago
Selected Answer: D
D > 7.3. Demonstrate Memory Forensics Using Volatility & PhotoRec
upvoted 2 times
581777a
1 year, 1 month ago
Selected Answer: D
D. Volatility In the scenario described, Jeff could use the tool "Volatility" to acquire a memory dump of the Windows 10 computer. Volatility is an open-source framework specifically designed for memory forensics. It allows investigators to analyze and extract information from memory dumps, which can be critical in investigating cyber attacks, such as the DDoS attack mentioned. Options A, B, and C are not directly related to memory forensics: Memcheck is a component of the Valgrind tool for detecting memory-related errors in C and C++ programs. RAMMapper is not a recognized tool in the context of memory forensics. Autopsy is a digital forensics platform primarily used for analyzing disk images, not memory dumps.
upvoted 2 times
zybr
1 year, 2 months ago
Per page 583 (V10) you cannot use Volatility to dump the RAM, but you need to use another RAM dump tool and later use Volatility to analyse the contents. So I would say: no right answer here.
upvoted 3 times
581777a
1 year, 1 month ago
If this were a test question, and you were on the test, the correct answer would be Volatility. So there is a right answer, it's the "best" answer.
upvoted 2 times
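As an added illustration of the acquire-then-analyse split discussed in this thread (example code written for this page, not from the CHFI courseware or the Volatility project): a small Python script that hashes an already-acquired raw image for the custody record and then performs the kind of page-aligned artifact scan Volatility does at scale, here locating mapped PE headers in a constructed four-page sample image. The image layout and the 0x3C/e_lfanew check are the standard IMAGE_DOS_HEADER layout; the sample pages are constructed for the demo.

```python
import hashlib
import struct

PAGE_SIZE = 4096  # x86/x64 page granularity used for page-aligned scanning


def sha256_of_image(image: bytes) -> str:
    """Hash the acquired image so the analyst can show it was not altered
    between on-site acquisition and offline analysis (e.g. with Volatility)."""
    return hashlib.sha256(image).hexdigest()


def find_pe_headers(image: bytes) -> list:
    """Scan a raw memory image page by page for mapped PE images.

    A loaded module begins on a page boundary with an IMAGE_DOS_HEADER
    ('MZ'); the DWORD at offset 0x3C (e_lfanew) points to the 'PE\\0\\0'
    signature. Returns (page_offset, e_lfanew) for every page passing both checks.
    """
    hits = []
    for off in range(0, len(image) - 0x40, PAGE_SIZE):
        if image[off:off + 2] != b"MZ":
            continue
        (e_lfanew,) = struct.unpack_from("<I", image, off + 0x3C)
        # e_lfanew must stay inside the page and leave room for the signature
        if e_lfanew + 4 > PAGE_SIZE or off + e_lfanew + 4 > len(image):
            continue
        if image[off + e_lfanew:off + e_lfanew + 4] == b"PE\x00\x00":
            hits.append((off, e_lfanew))
    return hits


def build_sample_image() -> bytes:
    """Constructed 4-page image: page 0 zeroed, page 1 a fake PE header,
    page 2 a decoy 'MZ' whose e_lfanew points outside the page, page 3 filler."""
    pe_page = bytearray(PAGE_SIZE)
    pe_page[0:2] = b"MZ"
    struct.pack_into("<I", pe_page, 0x3C, 0xF8)
    pe_page[0xF8:0xFC] = b"PE\x00\x00"
    decoy = bytearray(PAGE_SIZE)
    decoy[0:2] = b"MZ"
    struct.pack_into("<I", decoy, 0x3C, 0xFFFF)  # bogus pointer, must be rejected
    filler = bytes(range(256)) * (PAGE_SIZE // 256)
    return bytes(PAGE_SIZE) + bytes(pe_page) + bytes(decoy) + filler


if __name__ == "__main__":
    img = build_sample_image()
    print("sha256:", sha256_of_image(img))
    print("PE headers at:", find_pe_headers(img))  # [(4096, 248)]
```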
Community vote distribution: A (35%), C (25%), B (20%), Other