Register
5. you must recover the contents of the arp cache as vital evidence of a manin- the-middle attack. should you shut down the pc and image the hard drive to preserve it?
145k views
5 votes
5. you must recover the contents of the arp cache as vital evidence of a manin- the-middle attack. should you shut down the pc and image the hard drive to preserve it?

User Hudson Worden
by
4.3k points

1 Answer

0 votes
No. If you power off the computer, the arp cache will be lost.

To recover the contents of the arp cache, you can simply run the arp utility and direct that output to a file. In this way, you are able to save the arp cache to a non-volatile medium, and it will be easily readable for your review in the investigation.

Alternatively, you could dump the system memory to an output file and then later search it for the arp cache; however, this method produces a lot more data that must be parsed, but could reveal other indicators of compromise. No
User Surender
by
5.3k points
Ask a Question
Welcome to QAmmunity.org, where you can ask questions and receive answers from other members of our community.

4.5m questions

5.9m answers

Other Questions

In which part is data processing done?
33. (03.03 LC) Technologies are having a negative impact on businesses. (2 points) O True False I need help smh
A school secretary has been asked to prepare a letter of learners what electronic device will she use​
How do you perceive the importance of Internet?
Bob is stationed as a spy in Cyberia for a week and wants to prove that he is alive every day of this week and has not been captured. He has chosen a secret random number, x, which he memorized and told
Link Copied!