An incident responder wants to capture volatile memory comprehensively from a running machine for forensic purposes. The machine is running a very recent release of the Linux OS.

Which of the following technical approaches would be the MOST feasible way to accomplish this capture?

A. Run the memdump utility with the -k flag.
B. Use a loadable kernel module capture utility, such as LiME.
C. Run dd on /dev/mem.
D. Employ a stand-alone utility, such as FTK Imager.

by Apogentus (8.9k points)

1 Answer

1 vote

Final answer:

The most feasible way to capture volatile memory for forensic purposes on a Linux OS is by using a loadable kernel module capture utility, such as LiME.

Step-by-step explanation:

The most feasible way to capture volatile memory from a running machine for forensic purposes on a Linux OS is by using a loadable kernel module capture utility, such as LiME. LiME (Linux Memory Extractor) is a widely used tool that allows for the comprehensive capture of a machine's volatile memory. It works by creating a copy of the memory directly from the kernel, providing a forensically sound image for analysis.

by Griffith (8.0k points)
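As an added example, not part of the question or answer above: a small Python validator for the `format=lime` output that LiME writes, in which every captured physical-RAM range is preceded by a 32-byte little-endian header (magic, version, inclusive start and end address, 8 reserved bytes). The sample image is constructed inline and is not a real capture; a responder would run the same check over an acquired image before trusting it.

```python
import struct

# LiME "lime" format: each physical-RAM range is preceded by a 32-byte header.
LIME_MAGIC = 0x4C694D45            # "EMiL" when the bytes are read little-endian
HEADER = struct.Struct("<IIQQ8s")  # magic, version, s_addr, e_addr (inclusive), reserved

def parse_lime(data: bytes):
    """Walk a LiME-format image and return [(start, end, length)] per range.

    Raises ValueError on a bad magic, a truncated header or range, or a
    range that is not strictly ascending, so a damaged or partial image is
    rejected instead of silently yielding an incomplete range list.
    """
    ranges, off, last_end = [], 0, -1
    while off < len(data):
        if len(data) - off < HEADER.size:
            raise ValueError(f"truncated header at offset {off}")
        magic, version, s_addr, e_addr, _reserved = HEADER.unpack_from(data, off)
        if magic != LIME_MAGIC:
            raise ValueError(f"bad magic {magic:#x} at offset {off}")
        if e_addr < s_addr or s_addr <= last_end:
            raise ValueError(f"non-ascending range {s_addr:#x}-{e_addr:#x}")
        length = e_addr - s_addr + 1      # e_addr is inclusive
        off += HEADER.size
        if len(data) - off < length:
            raise ValueError(f"range at {s_addr:#x} truncated: need {length} bytes, have {len(data) - off}")
        ranges.append((s_addr, e_addr, length))
        off += length
        last_end = e_addr
    return ranges

def build_lime(chunks):
    """Build a constructed LiME image from (start_address, payload) pairs (test data only)."""
    out = bytearray()
    for start, payload in chunks:
        out += HEADER.pack(LIME_MAGIC, 1, start, start + len(payload) - 1, b"\0" * 8)
        out += payload
    return bytes(out)

# Constructed sample: two small RAM ranges with a gap between them, not a real dump.
SAMPLE = build_lime([(0x1000, b"A" * 64), (0x100000, b"B" * 128)])

if __name__ == "__main__":
    for s, e, n in parse_lime(SAMPLE):
        print(f"range {s:#010x}-{e:#010x} ({n} bytes)")
```

On a real acquisition, read the image file into `parse_lime` and compare the summed range lengths plus headers against the file size reported by the capture.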