netsurfer802 Posted December 26, 2012 Share Posted December 26, 2012 I'm studying for the Security+ exam and in my study material noticed that one of the questions and answers I have says: In which of the following locations would a forensic analyst look to find a hooked process? A. BIOS B. Slack space C. RAM D. Rootkit Answer: A Yet when I tried to look information about a hooked process I came up with the follow--see link below--so which is right? http://wiki.answers.com/Q/Were_would_a_forensic_analyst_look_for_a_hooked_process Link to comment Share on other sites More sharing options...
primexx Posted December 26, 2012 Share Posted December 26, 2012 RAM. none of the other choices even potentially make sense. goretsky 1 Share Link to comment Share on other sites More sharing options...
Nick H. Supervisor Posted December 26, 2012 Supervisor Share Posted December 26, 2012 In which of the following locations would a forensic analyst look to find a hooked process?A. BIOS B. Slack space C. RAM D. Rootkit Answer: A Wait, is that answer from the book, or is that your assumption? RAM is definitely the answer. If the book is telling you differently, you might want to contact your professor (if you have one) to get him to let others know that there is an error. Link to comment Share on other sites More sharing options...
+John Teacake MVC Posted December 26, 2012 MVC Share Posted December 26, 2012 Yeah I dont even know why they put "Slack Space" in there. You could have rootkit because the Rootkit might be the one doing the hooking perhaps. Link to comment Share on other sites More sharing options...
primexx Posted December 27, 2012 Share Posted December 27, 2012 Yeah I dont even know why they put "Slack Space" in there. You could have rootkit because the Rootkit might be the one doing the hooking perhaps. a rootkit is a thing, not a location Link to comment Share on other sites More sharing options...
Dick Montage Posted December 27, 2012 Share Posted December 27, 2012 Ram is the only answer that makes any kind of sense! goretsky 1 Share Link to comment Share on other sites More sharing options...
Recommended Posts