Posted by: Pdfprep
Post Date: October 27, 2021
A forensic analyst suspects that a buffer overflow exists in a kernel module.
The analyst executes the following command:
dd if=/dev/ram of=/tmp/mem/dmp
The analyst then reviews the associated output:
^34^#AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/bin/bash^21^03#45
However, the analyst is unable to find any evidence of the running shell.
Which of the following is the MOST likely reason the analyst cannot find a process ID for the shell?
A. The NX bit is enabled
B. The system uses ASLR
C. The shell is obfuscated
D. The code uses dynamic libraries
Answer: B