A malicious actor recently penetrated a company's network and moved laterally to the datacenter.
Upon investigation, a forensics firm wants to know what was in the memory on the compromised server.
Which of the following files should be given to the forensics firm?
A.
Security B.
Application C.
Dump D.
Syslog.
C.
A malicious actor recently penetrated a company's network and moved laterally to the datacenter.
Upon investigation, a forensics firm wants to know what was in the memory on the compromised server.
Which of the following files should be given to the forensics firm?
A.
Security
B.
Application
C.
Dump
D.
Syslog.
C.
The file that should be given to the forensics firm is a memory dump. A memory dump is a snapshot of the contents of a computer's RAM at a specific point in time, which can be used for forensic analysis.
In this scenario, a memory dump is needed to determine what was in the memory on the compromised server at the time of the attack. This information can be used to identify any malicious processes or activity that may have occurred and to help determine the extent of the breach.
The other files listed, such as the Security, Application, and Syslog files, are not likely to contain the information needed for this type of analysis. The Security file typically contains security-related events and messages, while the Application file contains information about applications running on the system. The Syslog file contains system messages generated by various processes.
In summary, the file that should be given to the forensics firm is a memory dump, as it provides a snapshot of the contents of the computer's RAM at the time of the attack, which can be used for forensic analysis.