Computer Hacking Forensic Investigator (CHFI v10) — Question 177
Jeff is a forensics investigator for a government agency's cyber security office. Jeff is tasked with acquiring a memory dump of a Windows 10 computer that was involved in a DDoS attack on the government agency's web application. Jeff is onsite to collect the memory. What tool could Jeff use?
Answer options
- A. Memcheck
- B. RAMMapper
- C. Autopsy
- D. Volatility
Correct answer: D
Explanation
The correct tool for acquiring a memory dump is Volatility, as it is specifically designed for analyzing and extracting data from volatile memory. Memcheck and RAMMapper do not have the capabilities needed for memory acquisition, while Autopsy is focused on digital forensics and file recovery rather than memory analysis.