Computer Hacking Forensic Investigator (CHFI v10) — Question 361

John is working as a computer forensics investigator for a consulting firm in Canada. He is called to seize a computer at a local web caf purportedly used as a botnet server. John thoroughly scans the computer and finds nothing that would lead him to think the computer was a botnet server. John decides to scan the virtual memory of the computer to possibly find something he had missed. What information will the virtual memory scan produce?

Answer options

• A. It contains the times and dates of when the system was last patched
• B. It is not necessary to scan the virtual memory of a computer
• C. It contains the times and dates of all the system files
• D. Hidden running processes

Correct answer: D

Explanation

The correct answer is D because scanning virtual memory can uncover hidden processes that may not be visible during a standard file system scan. Options A and C pertain to system updates and file timestamps, which are not typically stored in virtual memory. Option B is incorrect as scanning virtual memory can provide critical insights into active processes.