Computer Hacking Forensic Investigator (CHFI v10) — Question 193

What will the following Linux command accomplish?
dd if=/dev/mem of=/home/sam/mem.bin bs=1024

Answer options

• A. Copy the master boot record to a file
• B. Copy the contents of the system folder to a file
• C. Copy the running memory to a file
• D. Copy the memory dump file to an image file

Correct answer: C

Explanation

The command uses 'dd' to copy data from /dev/mem, which represents the physical memory of the system, to a file named mem.bin, hence it effectively copies the running memory to a file. The other options are incorrect because they refer to different data sources or types that are not related to the command's operation.