According to the CHFI exam, the correct answer is C. Regshot.
Regshot is a tool that allows investigators to monitor and analyze changes made to the Windows Registry, making it an ideal tool to examine changes made by a suspect program.
Here's a brief overview of the other options:
A. TRIPWIRE: A host-based intrusion detection system, not specifically designed for registry analysis.
B. RAM Capturer: A tool used to capture the contents of physical memory (RAM), not related to registry analysis.
D. What's Running: A tool used to monitor and analyze running processes, not specifically designed for registry analysis.