During a cybersecurity incident, you suspect that an attacker has tampered with the memory contents of a compromised system to execute unauthorized actions. What is the most appropriate immediate action to preserve the current state of the system's memory for analysis?
Reboot the system in a safe mode and install system monitoring software.
Acquire a snapshot of the system's active memory.
Power off the system to prevent any further damage or data loss.
Run a complete antivirus scan to remove any potential threats before capturing memory contents.