In which of the following locations would a forensic analyst look to find a hooked process?

A. BIOS

B. Slack space

C. RAM

D. Rootkit




Tracy

I have found 2 possible answers for this. Which one is correct and why? Is this the same as “hooking” with a DLL injection?
Answer:
The correct answer is in RAM. When your computer is up and running, processes are executable code running in RAM. Bad stuff will hook into, say, explorer.exe to maybe hide things from you that are on your desktop.
OR
Answers: A
_ BIOS from http://class10e.com/CompTIA/in-which-of-the-following-locations-would-a-forensic-analyst-look-to-find-a-hooked-process/

Ric

Answer: C

BIOS wouldn’t be running any processes to get hooked.

Bob Downs

I am pretty sure it is BIOS actually. If you were to set up techniques to augment OS behavior it wouldn’t make much sense to have it in RAM because it would only be done one time seeing as how the memory is wiped at shutdown. And not to mention this is the only place that says RAM is the answer.

Great site! I appreciate whoever set this up!