Computer Hacking Forensic Investigator (CHFI v10) — Question 41

The investigator wants to examine changes made to the system's registry by the suspect program. Which of the following tool can help the investigator?

Answer options

• A. TRIPWIRE
• B. RAM Capturer
• C. Regshot
• D. What's Running

Correct answer: C

Explanation

Regshot is specifically designed to take snapshots of the Windows registry and compare them, making it ideal for tracking changes made by programs. TRIPWIRE, RAM Capturer, and What's Running serve different purposes, such as file integrity monitoring, memory capture, and process monitoring, and are not focused on registry changes.