Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-49 All Questions

View all questions & answers for the 312-49 exam
Go to Exam

Exam 312-49 topic 1 question 90 discussion

Actual exam question from ECCouncil's 312-49
Question #: 90
Topic #: 1
[All 312-49 Questions]

Volatile Memory is one of the leading problems for forensics. Worms such as code Red are memory resident and do write themselves to the hard drive, if you turn the system off they disappear. In a lab environment, which of the following options would you suggest as the most appropriate to overcome the problem of capturing volatile memory?

  • A. Use VMware to be able to capture the data in memory and examine it
  • B. Give the Operating System a minimal amount of memory, forcing it to use a swap file
  • C. Create a Separate partition of several hundred megabytes and place the swap file there
  • D. Use intrusion forensic techniques to study memory resident infections
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by jordy55 at Nov. 17, 2022, 9:32 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
Bennoli13
5 months, 2 weeks ago
A. Use VMware to be able to capture the data in memory and examine it Using virtualization software like VMware allows you to take snapshots of the entire system state, including the contents of volatile memory. This snapshot can be analyzed later to investigate memory-resident malware without the risk of losing data when the system is powered off. Virtualization provides a controlled environment where you can capture and analyze volatile memory effectively.
upvoted 1 times
...
jordy55
2 years ago
Selected Answer: A
A memory snapshot in VMWare is way easier then just placing swap on a separate partition.
upvoted 3 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel