As part of incident response, a technician is taking an image of a compromised system and copying the image to a remote image server (192.168.45.82)
The system drive is very large but does not contain the sensitive data.
The technician has limited time to complete this task.
Which of the following is the BEST command for the technician to run?
Click on the arrows to vote for the correct answer
A. B. C. D.D.
In the given scenario, the technician needs to take an image of the compromised system's drive, which is very large but does not contain any sensitive data, and copy the image to a remote image server (192.168.45.82) in a limited time.
Out of the given options, the BEST command for the technician to run is option D, which is "dd if=/dev/sda | nc 192.168.45.82 3000".
Here's a detailed explanation of the reasons why this option is the BEST:
Therefore, option D, "dd if=/dev/sda | nc 192.168.45.82 3000", is the BEST command for the technician to run in this scenario.