CISSP · Question #1115
Which evidence collecting technique would be utilized when it is believed an attacker is employing a rootkit and a quick analysis is needed?
The correct answer is D. Live response. Live response is an evidence collecting technique that involves analyzing a system while it is still running, without shutting it down or altering it. Live response can be useful when it is believed that an attacker is employing a rootkit and a quick analysis is needed. A rootkit
Question
Which evidence collecting technique would be utilized when it is believed an attacker is employing a rootkit and a quick analysis is needed?
Options
- AMemory collection
- BForensic disk imaging
- CMalware analysis
- DLive response
How the community answered
(51 responses)- A16% (8)
- B8% (4)
- C4% (2)
- D73% (37)
Explanation
Live response is an evidence collecting technique that involves analyzing a system while it is still running, without shutting it down or altering it. Live response can be useful when it is believed that an attacker is employing a rootkit and a quick analysis is needed. A rootkit is a type of malicious software that hides itself and other malware from detection and removal by modifying the system's core components, such as the kernel, drivers, or libraries. A rootkit may also erase or alter the evidence of its presence or activities on the system, such as log files, registry entries, or processes. Therefore, live response can help capture the volatile data that may be lost or changed if the system is powered off or rebooted, such as memory contents, network connections, or running processes. Live response can also help identify and isolate the rootkit before it causes more damage or spreads to other systems.
Topics
Community Discussion
No community discussion yet for this question.