A Computer Hacking Forensic Investigator is acquiring volatile data from a Linux-based suspect machine that they cannot physically access. They need to obtain a dump of the system's RAM remotely. Which of the following sequences of commands and tools should be utilized for a forensically sound extraction?

A. On the forensic workstation: insmod lime-.ko "path= format=lime"; on the suspect machine: nc : > filename.mem

B. On the suspect machine: insmod lime-.ko "path=tcp: format=lime"; on the forensics workstation: nc : > filename.mem

C. On the forensic workstation: nc -l > filename.dd; on the suspect machine: dd if=/dev/fmem bs=1024 | nc

D. On the suspect machine: dd if=/dev/fmem of= bs=1MB; on the forensic workstation: nc -l > filename.dd

Suggested Answer: B

Community Answer: B

This question is from the 312-49V10 EC-Council Computer Hacking Forensic Investigator (CHFI) v10 exam, for the EC-Council Computer Hacking Forensic Investigator (CHFI) certificate.

Disclaimers: The website is not related to, affiliated with, endorsed or authorized by EC-Council. Trademarks, certification & product names are used for reference only and belong to EC-Council. The website does not contain actual questions and answers from EC-Council's Certification Exams.