Which of the following is a volatile evidence collecting tool?

Netstat (network statistics) is a command-line tool that displays network connections (both incoming and outgoing), routing tables, and a number of network interface (and network protocol) statistics. It is considered a volatile evidence collecting tool because it gathers information that exists in the system's memory, which is lost upon shutdown or reboot. This makes it invaluable for collecting evidence of active connections and processes that are present at the time of the incident response but does not persistently store data that can be recovered later. This contrasts with tools like FTK Imager or ProDiscover Forensics, which are used for acquiring digital evidence in a non-volatile manner, such as disk imaging, and HashTool, which is used for validating the integrity of collected digital evidence through hashing.