CompTIA
CAS-003 · Question #512
Question
An incident responder wants to capture volatile memory comprehensively from a running machine for forensic purposes. The machine is running a very recent release of the Linux OS. Which of the following technical approaches would be the MOST feasible way to accomplish this capture?
Options
- A. Run the memdump utility with the -k flag.
- B. Use a loadable kernel module capture utility, such as LiME.
- C. Run dd on /dev/mem.
- D. Employ a stand-alone utility, such as FTK Imager.