Computer Hacking Forensic Investigator (CHFI v10) — Question 192

Using Linux to carry out a forensics investigation, what would the following command accomplish? dd if=/usr/home/partition.image of=/dev/sdb2 bs=4096 conv=notrunc,noerror

Answer options

• A. Search for disk errors within an image file
• B. Backup a disk to an image file
• C. Copy a partition to an image file
• D. Restore a disk from an image file

Correct answer: D

Explanation

The command is used to restore a disk from an image file, as it writes the contents of 'partition.image' to the specified device '/dev/sdb2'. The other options do not accurately describe this operation; for example, searching for disk errors or backing up a disk would involve different commands or processes.