When a suspect prevents data from being written to disk by storing it in memory using memory-resident rootkits, it is called __________.

Prepare for the WGU ITAS2140 D431 Digital Forensics Exam with concise flashcards and exhaustive multiple-choice questions. Each question provides explanations and hints. Master your exam!

The correct answer is data hiding.

Memory-resident rootkits load themselves into system memory and manipulate system resources to obscure their presence and activity. Because they prevent data from being written to disk, that data never reaches the hard drive, where it would typically be scrutinized during a forensic analysis. It exists only in volatile memory (RAM), which makes it harder to detect and analyze, particularly after a system reboot or power loss, when this data is lost.

Data hiding, therefore, accurately describes the actions taken by these rootkits, as they are designed specifically to conceal information from detection by hiding it in memory, rather than allowing it to be recorded or analyzed in more permanent storage locations like disks.

While the other terms may relate to various forms of data manipulation or obfuscation, they do not specifically capture the essence of utilizing memory to conceal information, making data hiding the most appropriate term in this context.
