SY0-601: CompTIA Security+ Exam - Answer and Explanation


Question

A security administrator suspects an employee has been emailing proprietary information to a competitor.

Company policy requires the administrator to capture an exact copy of the employee's hard disk.

Which of the following should the administrator use?

A. dd

B. chmod

C. dnsenum

D. logger

Answer: A

Explanations

The correct answer is A. dd.

dd stands for "data duplicator" and is a command-line utility used for creating a bit-by-bit copy of data. In this scenario, the security administrator needs to capture an exact copy of the employee's hard disk, which is what dd can do.

By using dd, the administrator can create an image of the entire hard disk, including all of its data and partitions, and save it to another storage device or file. This image can then be analyzed for any evidence of proprietary information being emailed to a competitor.
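The imaging step described above, as an added example (not part of the original question or explanation): it copies a source with dd and confirms the copy by comparing SHA-256 hashes. The function name `acquire_image` and the constructed file standing in for a disk are assumptions; in a real acquisition the source would be the disk's device node, attached through a write blocker.

```shell
#!/bin/sh
# Added example: image a source with dd and verify the copy by hash.
# acquire_image and the sample "disk" file are hypothetical names.

# acquire_image SRC DST [BS]
# Copies SRC to DST block for block, records the SHA-256 of the image,
# and returns 0 only when the image hash matches the source hash.
acquire_image() {
    src=$1; dst=$2; bs=${3:-512}

    # Reference hash of the source, taken before copying.
    src_hash=$(sha256sum < "$src" | cut -d' ' -f1) || return 2

    # noerror: continue past read errors instead of aborting.
    # sync: pad short reads with zeros so offsets stay aligned.
    # bs must divide the source size (512 is a common sector size),
    # otherwise the final block is padded and the hashes will differ.
    dd if="$src" of="$dst" bs="$bs" conv=noerror,sync 2>/dev/null || return 2

    img_hash=$(sha256sum < "$dst" | cut -d' ' -f1) || return 2

    # Store the hash beside the image and make the image read-only.
    printf '%s  %s\n' "$img_hash" "$(basename "$dst")" > "$dst.sha256"
    chmod 0444 "$dst"

    [ "$src_hash" = "$img_hash" ]
}

# Constructed stand-in for a disk: 1 MiB, i.e. 2048 sectors of 512 bytes.
demo() {
    work=$(mktemp -d) || return 2
    yes 'constructed-sector-data' | head -c 1048576 > "$work/disk.raw"
    if acquire_image "$work/disk.raw" "$work/evidence.dd"; then
        echo "image verified: $(cat "$work/evidence.dd.sha256")"
    else
        echo "hash mismatch" >&2
    fi
    rm -rf "$work"
}

demo
```

Analysis is then done on the verified image, and the recorded hash lets anyone later confirm the image has not changed.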

chmod is a command used to change permissions on files and directories, so it is not relevant in this scenario.

dnsenum is a tool used for DNS enumeration, which is the process of discovering DNS information for a domain, so it is not relevant in this scenario.

logger is a command used to add messages to the system log, so it is also not relevant in this scenario.