CompTIA CySA+ (CS0-002) — Question 287
During an incident response procedure, a security analyst collects a hard drive to analyze a possible vector of compromise. There is a Linux swap partition on the hard drive that needs to be checked. Which of the following should the analyst use to extract human-readable content from the partition?
Answer options
- A. strings
- B. head
- C. fsstat
- D. dd
Correct answer: A
Explanation
The correct tool for extracting human-readable content from a Linux swap partition is 'strings', which scans binary data and outputs the sequences of printable characters it finds. The other options, such as 'head' and 'dd', serve different purposes: 'head' displays the beginning of a file, while 'dd' performs low-level copying of data, so neither is suitable for this task.