Computer Hacking Forensic Investigator (CHFI v10) — Question 203

Which of the following is the most effective tool for acquiring volatile data from a Windows-based system?

Answer options

• A. Helix
• B. Datagrab
• C. Coreography
• D. Ethereal

Correct answer: A

Explanation

Helix is specifically designed for forensic analysis and is highly effective at capturing volatile data from Windows systems. The other options, while useful in various contexts, do not specialize in the acquisition of volatile data to the same extent as Helix.