A digital forensics team at a large company is investigating a case in which malicious code was downloaded
over an HTTPS connection and was running in memory, but was never committed to disk. Which of the
following techniques should the team use to obtain a sample of the malware binary?
A. pcap reassembly
B. SSD snapshot
C. Image volatile memory
D. Extract from checksums
over an HTTPS connection and was running in memory, but was never committed to disk. Which of the
following techniques should the team use to obtain a sample of the malware binary?
A. pcap reassembly
B. SSD snapshot
C. Image volatile memory
D. Extract from checksums