During an incident response procedure, a security analyst collects a hard drive to analyze a possible vector of compromise. There is a Linux swap partition on the hard drive that needs to be checked.
Which of the following, should the analyst use to extract human-readable content from the partition?
A . strings
B . head
C . fsstat
D . dd
Answer: A
Explanation:
The strings command is a Linux utility that can extract human-readable content from any file or partition3. It can be used to analyze a Linux swap partition by finding text strings that may indicate malicious activity or compromise4. The head command (B) can only display the first few lines of a file or partition, which may not contain any useful information. The fsstat command © can only display file system statistics such as size, type, and layout, which may not reveal any human-readable content. The dd command (D) can only copy or convert a file or partition, which may not extract any human-readable content.
Reference:
3: https://linux.die.net/man/1/strings
4: https://www.linuxjournal.com/content/using-strings-command
Latest CS0-002 Dumps Valid Version with 220 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund