Scan QR code or get instant email to install app
Question:
James has to perform a forensic investigation of a running virtual machine (VM). What forensic evidence should he collect?
A
A snapshot of the VM using the underlying virtualization environment.
explanation
Forensic investigation of virtual machines generally depends on obtaining a snapshot using the virtualization platform's built-in snapshot features. This approach captures both the memory state and the disk for the system and can be examined using forensic tools or run on a separate system.
Take more free practice tests for other PASSEMALL topics with our security + practice test now!
Related Information
Comments