Last Updated on August 10, 2021 by Admin 3
A security engineer is looking at a DNS server following a known incident. The engineer sees the following command as the most recent entry in the server’s shell history:
dd if=dev/sda of=/dev/sdb
Which of the following MOST likely occurred?
- A tape backup of the server was performed
- The drive was cloned for forensic analysis
- The hard drive was formatted after the incident
- The DNS log files were rolled daily as expected