CompTIA CySA+ CS0-003 Practice Question
During an incident response, which of the following is the BEST method for preserving the state of volatile memory?
Changing file permissions
Encrypting the disk
Disconnecting the system from the network
Creating a memory image