During an incident response process involving a laptop, a host was identified as the entry point for malware.
The management team would like to have the laptop restored and given back to the user. The cybersecurity
analyst would like to continue investigating the intrusion on the host. Which of the following would allow the
analyst to continue the investigation and also return the laptop to the user as soon as possible?
A. dd
B. memdump
C. tcpdump
D. head
The management team would like to have the laptop restored and given back to the user. The cybersecurity
analyst would like to continue investigating the intrusion on the host. Which of the following would allow the
analyst to continue the investigation and also return the laptop to the user as soon as possible?
A. dd
B. memdump
C. tcpdump
D. head