EC-Council

312-49V11 Question #133: Real Exam Question with Answer & Explanation

The correct answer is B. Performing remote acquisition of volatile data from a Linux machine using dd and netcat.

Question

During a computer hacking forensic investigation, an investigator is tasked with acquiring volatile data from a live Linux system with limited physical access. Which methodology would be the most suitable for this scenario?

Options

  • A. Using Belkasoft Live RAM Capturer to extract the entire contents of the computer's volatile
  • B. Performing remote acquisition of volatile data from a Linux machine using dd and netcat
  • C. Using the fmem module and dd command locally to access the RAM and acquire its content
  • D. Performing local acquisition of RAM using the LiME tool

Explanation

The key constraint is limited physical access, so a remote volatile acquisition approach is preferred. Using tools like dd to read memory sources (where permitted) and piping via netcat enables collection over the network. Options C and D typically require local execution/installation; A is primarily oriented toward Windows environments.
