Computer Hacking Forensic Investigator (CHFI v10) — Question 375

Which Linux command when executed displays kernel ring buffers or information about device drivers loaded into the kernel?

Answer options

• A. pgrep
• B. dmesg
• C. fsck
• D. grep

Correct answer: B

Explanation

The correct answer is B, dmesg, as it specifically retrieves the messages from the kernel ring buffer, which includes information about driver loading. The other options, such as pgrep, fsck, and grep, serve different purposes and do not provide kernel-related messages.