Posted by: Pdfprep
Post Date: November 10, 2020
An incident responder wants to capture volatile memory comprehensively from a running machine for forensic purposes. The machine is running a very recent release of the Linux OS.
Which of the following technical approaches would be the MOST feasible way to accomplish this capture?
A . Run the memdump utility with the -k flag.
B . Use a loadable kernel module capture utility, such as LiM.
D . Run dd on /dev/mem.
E . Employ a stand-alone utility, such as FTK Imager.
Answer: D