CompTIA CASP+ (CAS-004) — Question 502
A security analyst is examining a former employee’s laptop for evidence of suspicious activity. The analyst uses dd during the investigation. Which of the following best explains why the analyst is using this tool?
Answer options
- A. To capture an image of the hard drive
- B. To reverse engineer binary programs
- C. To recover deleted logs from the laptop
- D. To deduplicate unnecessary data from the hard drive
Correct answer: A
Explanation
The correct answer is A: dd is commonly used to create a bit-for-bit copy of a hard drive, and such a copy is essential for forensic analysis. Options B, C, and D are incorrect because dd does not reverse engineer programs, recover deleted logs, or deduplicate data.