Question: You will use the Volatility output text files located in the CYBV 400 network folder in your Virtual Learning Environment VM to answer this question.
The psxview module is useful for detecting rootkits able to evade detection by modifying flinks and blinks.
Review the psxview text file.
Locate the PID
Based on the results of psxview, select your assessment of PID from the list below.
Question options:
PID is the FTK Imager used to dump the memory from the subject computer. It is not a rootkit.
There is no expected entry of "false" in the pslist column. So it most likely isn't a rootkit.
Because it shows false in the csrss column, it is most likely a rootkit.
Because it shows true in both the pslist and psscan columns it is most likely a rootkit.
