Question 4 You are performing computer forensics and need to review data current

Question

Question 4

You are performing computer forensics and need to review data currently in RAM. What do you do to ensure you don't lose or modify the RAM data?

A Shut down the computer and then restart it when connected to a network segment.

B Use a forensics kit such as Helix Live.

C Use the xcopy command.

D Use the find command.

A Shut down the computer and then restart it when connected to a network segment.

B Use a forensics kit such as Helix Live.

C Use the xcopy command.

D Use the find command.

Explanation / Answer

Answer:

Option (B) : Use a forenscics kit such as Helix live.

Why Option (B)? why not other Choices ?

Computer forensics a process of identifying and analysing avalable data which is deleted or hidden information for digital evidence from any source.

There are two types of data

Why option (B)?

Most importantly while using Helix, the system is not affected. It keeps intigrity of files as it doesn't allows to modify data. For this purpose it creates an MD5 checksum file for every file created. This is very important because if even one bit of file is changes, it's MD5 checksum will also change.

Related Questions

Navigate

• Browse (All)
• Browse Q
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.