GIAC Security Essentials Certification (GSEC) — Question 30
Which of the following is a standard Unix command that would most likely be used to copy raw file system data for later forensic analysis?
Answer options
- A. dd
- B. backup
- C. cp
- D. gzip
Correct answer: A
Explanation
The correct answer is A, dd, which is specifically designed for low-level copying of data, making it ideal for forensic purposes. The other options are unsuitable: backup is not a standard Unix command, cp copies files but does not work at a low level, and gzip is a compression tool rather than a copying command.