ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-49v10 All Questions

View all questions & answers for the 312-49v10 exam
Go to Exam

Exam 312-49v10 topic 1 question 350 discussion

Actual exam question from ECCouncil's 312-49v10
Question #: 350
Topic #: 1
[All 312-49v10 Questions]

The investigator wants to examine changes made to the system's registry by the suspect program. Which of the following tool can help the investigator?

  • A. TRIPWIRE
  • B. RAM Capturer
  • C. Regshot
  • D. What's Running
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Chaoticda at Dec. 14, 2021, 7:54 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
aqeel1506
11 months, 3 weeks ago
According to the CHFI exam, the correct answer is C. Regshot. Regshot is a tool that allows investigators to monitor and analyze changes made to the Windows Registry, making it an ideal tool to examine changes made by a suspect program. Here's a brief overview of the other options: A. TRIPWIRE: A host-based intrusion detection system, not specifically designed for registry analysis. B. RAM Capturer: A tool used to capture the contents of physical memory (RAM), not related to registry analysis. D. What's Running: A tool used to monitor and analyze running processes, not specifically designed for registry analysis.
upvoted 1 times
...
Elb
1 year, 2 months ago
C. Regshot is an open source registry comparison tool that allows you to take and compare two registry snapshots.
upvoted 1 times
...
diomaya
2 years, 1 month ago
Not on the EC Council book
upvoted 1 times
...
Chaoticda
3 years, 6 months ago
Correct answer
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel