Systems Security Certified Practitioner (SSCP) — Question 36

Why would a memory dump be admissible as evidence in court?

Answer options

• A. Because it is used to demonstrate the truth of the contents.
• B. Because it is used to identify the state of the system.
• C. Because the state of the memory cannot be used as evidence.
• D. Because of the exclusionary rule.

Correct answer: B

Explanation

The correct answer is B because a memory dump provides a snapshot of the system's state at a specific moment, which can be crucial for forensic analysis. Option A is incorrect as it misinterprets the role of a memory dump, while C incorrectly states that memory state cannot be used as evidence. Option D is not relevant to the admissibility of evidence in this context.