CompTIA CySA+ CS0-003 Practice Question
During an incident response, which of the following is the BEST method for preserving the state of volatile memory?
Encrypting the disk
Disconnecting the system from the network
Changing file permissions
Creating a memory image