Computer Hacking Forensic Investigator (CHFI v10) — Question 366
Which tool does the investigator use to extract artifacts left by Google Drive on the system?
Answer options
- A. PEBrowse Professional
- B. RegScanner
- C. RAM Capturer
- D. Dependency Walker
Correct answer: C
Explanation
The correct answer is C, RAM Capturer, which is designed to capture and analyze the volatile memory of a system, allowing investigators to extract artifacts. The other options, while useful for different purposes, do not specialize in extracting artifacts from memory related to Google Drive.