Computer Hacking Forensic Investigator (CHFI) — Question 46
Which tool does the investigator use to extract artifacts left by Google Drive on the system?
Answer options
- A. PEBrowse Professional
- B. RegScanner
- C. RAM Capturer
- D. Dependency Walker
Correct answer: C
Explanation
The correct answer is C, RAM Capturer, as it is designed to capture volatile memory and can help in extracting artifacts related to applications like Google Drive. The other options, while useful for different purposes, do not focus specifically on artifact extraction from memory, making them less suitable for this task.