What is the best source of data for analysis of a system that is potentially compromised by a rootkit?

Question:

What is the best source of data for analysis of a system that is potentially compromised by a rootkit?

Options:

checking for running processes using command line tools on the system

using static binaries in a trusted toolset imported to the machine to check running processes

reviewing active network connections with netstat or nbtstat

taking a forensic image of the machine

Correct Answer

The correct answer for this question is:

taking a forensic image of the machine
