Exam CS0-002 topic 1 question 4 discussion

Actual exam question from CompTIA's CS0-002
Question #: 4
Topic #: 1

During an incident response procedure, a security analyst collects a hard drive to analyze a possible vector of compromise. There is a Linux swap partition on the hard drive that needs to be checked. Which of the following should the analyst use to extract human-readable content from the partition?

  • A. strings
  • B. head
  • C. fsstat
  • D. dd
Suggested Answer: A

Comments

rodwave
Highly Voted 2 years, 6 months ago
Selected Answer: A
Answer: strings

The strings command returns strings of printable characters in files. It's mainly used for extracting text (strings) from non-text files like binary/data files and helps us understand the contents of the files. Binary files can contain non-printable characters, which don't work well with the terminal. We can assume printable characters means human-readable, which works for the situation.

The dd (disk duplicator/destroyer) command is used in forensics for raw images of a system that can be used in tools like Autopsy or FTK for analysis. You can extract raw data with the command, but it doesn't mean that the extracted data is human-readable, so it doesn't mean it would work for the situation.

===========================
Other Info:
head - command that prints the first line(s) in a file
fsstat - command shows file system information
upvoted 18 times
...
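What strings does to a raw partition, shown as an added example that is not part of the original thread: it scans the bytes for runs of printable characters, here with byte offsets (as `strings -t d` prints them) and a second pass for 16-bit little-endian text (as `strings -e l` finds). The sample buffer, its fragments and the function names are constructed for illustration; the `SWAPSPACE2` signature at the end of the first page is the real Linux swap magic.

```python
import re

PAGE = 4096  # page size assumed for the constructed sample


def ascii_runs(data: bytes, min_len: int = 4):
    """Runs of printable ASCII (plus tab) at least min_len bytes long."""
    pat = re.compile(rb"[\x20-\x7e\t]{%d,}" % min_len)
    return [(m.start(), "ascii", m.group().decode("ascii"))
            for m in pat.finditer(data)]


def utf16le_runs(data: bytes, min_len: int = 4):
    """Printable characters stored as (char, 0x00) pairs, i.e. UTF-16LE text."""
    pat = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    return [(m.start(), "utf-16le", m.group().decode("utf-16-le"))
            for m in pat.finditer(data)]


def carve(data: bytes, min_len: int = 4):
    """All hits from both passes, ordered by byte offset."""
    return sorted(ascii_runs(data, min_len) + utf16le_runs(data, min_len))


def build_sample_swap() -> bytes:
    """Constructed three-page buffer standing in for a swap partition image."""
    filler = b"\x00\x9f\xfe\x01" * (PAGE // 4)   # non-printable noise
    header = bytearray(PAGE)
    header[PAGE - 10:] = b"SWAPSPACE2"            # swap signature, end of page 0
    page1 = bytearray(filler)
    frag = b"ssh analyst@10.0.0.5"                # constructed command fragment
    page1[100:100 + len(frag)] = frag
    page1[300:303] = b"abc"                       # too short, must be ignored
    page2 = bytearray(filler)
    wide = "token=constructed".encode("utf-16-le")
    page2[512:512 + len(wide)] = wide
    return bytes(header + page1 + page2)


if __name__ == "__main__":
    for offset, encoding, text in carve(build_sample_swap()):
        print(f"{offset:>8}  {encoding:<8}  {text}")
```

On real evidence the same scan is run against a verified image of the partition rather than the original device.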
f405aa0
Most Recent 1 year, 7 months ago
Selected Answer: D
I would say D, since this is DURING an incident response, using dd will not modify any changes to files. Afterwards, then you can use the strings command
upvoted 1 times
...
NerdAlert
2 years, 3 months ago
Selected Answer: A
*"Strings" grabs and lists Strings of characters in a file, making it easy to notice human-readable words and phrases.
*"dd" is a command used to clone a hard drive and bit by bit copy (an image).
*"fstat" shows info about a File System (FS)
*"head" prints out the top of a file (the head)
upvoted 1 times
NerdAlert
2 years, 3 months ago
*meant to say "FSstat" = File System stats. Answer is still Strings.
upvoted 1 times
...
...
2Fish
2 years, 4 months ago
Selected Answer: A
Yup, this is Strings.
upvoted 3 times
...
boletri
2 years, 4 months ago
Selected Answer: D
Answer is D. Disassemblers and Decompilers Disassemblers and decompilers are software that translate low-level machine language code into higher level code.
upvoted 1 times
...
Lunarr
2 years, 4 months ago
Option D (dd) can be used to create a bit-by-bit copy of a partition, but it does not extract human-readable content. Answer is A - Strings
upvoted 2 times
...
DrVoIP
2 years, 4 months ago
A. strings is the tool that can be used to extract human-readable content from a Linux swap partition. The Linux swap partition is used as virtual memory and contains data that has been swapped out of RAM to free up space. The data in the swap partition is not in a human-readable format, but it may contain fragments of files or other data that can be extracted using the "strings" tool. - ChatGPT
upvoted 1 times
...
encxorblood
2 years, 5 months ago
Selected Answer: A
First you can use dd to secure the disc as an image. But the answer is A - strings.
upvoted 1 times
...
mrodmv
2 years, 7 months ago
Strings without doubt https://forensicswiki.xyz/wiki/index.php?title=Strings
upvoted 1 times
...
Just2a
2 years, 7 months ago
Linux partition uses strings
upvoted 1 times
...
Cizzla7049
2 years, 8 months ago
Selected Answer: A
Some people said it's A. Unsure of this one.
upvoted 1 times
...
Angie_1
2 years, 8 months ago
dd is bit by bit disk image, so dd is a good choice
upvoted 1 times
...
SolventCourseisSCAM
2 years, 8 months ago
Selected Answer: A
question asks human readable context, so string provides it.
upvoted 1 times
...
Smolz
2 years, 8 months ago
DD would be the most appropriate answer because we're being told it's an incident response, and as a rule of thumb when you conduct IR you need to clone your source evidence before any forensics investigation. Then with the cloned image one can now mount it; after mounting, that's when it becomes readable! So DD is the most appropriate for this question. Your views are welcome.
upvoted 2 times
...
IT_Master_Tech
2 years, 8 months ago
I have looked for answers about dd and it doesn't mention anywhere about human-readable text.
upvoted 2 times
...
CW4901
2 years, 8 months ago
So in the CompTIA CySA+ study guide book in chapter 18 under dd utility it says: "dd can duplicate data across files, devices, partitions, and volumes." So would that make this answer "D"?
upvoted 2 times
...
R00ted
2 years, 8 months ago
Selected Answer: A
Strings is the correct answer
upvoted 1 times
...