Which of the following might contain data that was live in memory and not stored on the hard drive?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards

From $9.99Unlock all

Prepare for the Digital Forensics, Investigation, and Response Test. Study with multiple choice questions that include hints and explanations. Enhance your understanding of digital forensics principles and get ready for your exam!

Multiple Choice

Which of the following might contain data that was live in memory and not stored on the hard drive?

Memory contents can be moved to disk through paging, so a swap file on the hard drive can contain data that originally resided in RAM. This means live memory artifacts—things that were in use in RAM at the moment—can end up written to the swap file and later recovered during a forensic analysis. The swap file is the practical source among the options that directly links memory-resident data to non-volatile storage, making it a prime place to look for artifacts that were once in memory but are no longer in RAM.

Other items aren’t as directly tied to memory contents: a RAM cache exists in volatile memory and isn’t typically a disk-resident artifact; temporary internet files and system logs are files on disk that may reflect activity, but they aren’t memory pages that were swapped from RAM.

Which of the following might contain data that was live in memory and not stored on the hard drive?

Prepare for the Digital Forensics, Investigation, and Response Test. Study with multiple choice questions that include hints and explanations. Enhance your understanding of digital forensics principles and get ready for your exam!

Which of the following might contain data that was live in memory and not stored on the hard drive?

Get the latest from Examzify