Exam CFR-310
Question 12

During a security investigation, a suspicious Linux laptop is found in the server room. The laptop is processing information and indicating network activity. The investigator is preparing to launch an investigation to determine what is happening with this laptop. Which of the following is the MOST appropriate set of Linux commands that should be executed to conduct the investigation?

Correct Answer: D

To conduct a thorough investigation of the suspicious Linux laptop, the investigator should use a set of commands that provide comprehensive information about files, processes, network activity, and logged-in users. 'lsof' lists open files and network sockets, helping to identify active connections and processes. 'ifconfig' displays the network configuration and IP address, 'who' shows the logged-in users, and 'ps' lists all running processes on the laptop. 'ls' reveals the contents of directories, while 'tcpdump' captures network traffic for analysis. These commands collectively offer a complete overview of the laptop's activity and help in the investigation.
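A collection wrapper for the six commands in answer D, as an added example that is not part of the original page: it runs them in the listed order, timestamps each output, bounds the packet capture, and hashes the results so later changes are detectable. The function names, output file names, the directories passed to `ls`, and the capture limits are assumptions of this example.

```shell
#!/bin/sh
# Added example: saves the output of the six commands from answer D.
# Assumption: OUT should sit on external media, not the suspect disk.

# run_step NAME CMD [ARGS...] writes stdout+stderr to $OUT/NAME.txt
run_step() {
    name=$1; shift
    {
        printf '# utc=%s cmd=%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$*"
        if command -v "$1" >/dev/null 2>&1; then
            "$@" 2>&1 || printf '# exit status %s\n' "$?"
        else
            printf '# %s not installed on this host\n' "$1"
        fi
    } > "$OUT/$name.txt"
}

# collect_triage OUT [SECONDS] prints the number of hashed artifacts
collect_triage() {
    OUT=$1; secs=${2:-15}
    mkdir -p "$OUT" || return 1
    # -n/-P/-nn disable name lookups, so the tools add no DNS traffic.
    run_step lsof     lsof -nP -i
    run_step ifconfig ifconfig -a
    run_step who      who -a
    run_step ps       ps -eo pid,ppid,user,lstart,args
    # Directory choice is an assumption: world-writable locations.
    run_step ls       ls -la /tmp /var/tmp /dev/shm
    # Capture ends after 200 packets or $secs seconds, whichever is first.
    run_step tcpdump  timeout "$secs" tcpdump -nn -i any -c 200 -w "$OUT/capture.pcap"
    # Hash every artifact; a missing capture.pcap is tolerated.
    ( cd "$OUT" && sha256sum -- *.txt *.pcap 2>/dev/null > MANIFEST.sha256 ) || true
    grep -c . "$OUT/MANIFEST.sha256"
}

# Runs only when an output directory is given on the command line.
if [ "$#" -ge 1 ]; then collect_triage "$@"; fi
```

A tool that is missing or fails (for example `tcpdump` without root) is recorded in its own output file instead of stopping the collection.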

Discussion
surfuganda (Option: D)

- lsof: Lists open files and processes, which can help identify any suspicious or unauthorized processes running on the laptop.
- ifconfig: Displays network interface configuration, to gather information about the laptop's network connections and settings.
- who: Displays information about users logged into the system, providing insight into who may be using the laptop.
- ps: Lists currently running processes, to identify any suspicious or unauthorized processes.
- ls: Lists directory contents, to examine files and directories on the laptop.
- tcpdump: Captures and analyzes network traffic in real-time, providing visibility into network activity and helping to identify any suspicious or unauthorized network connections or traffic.

Wutan (Option: D)

D. lsof, ifconfig, who, ps, ls, tcpdump.
- lsof lists all open files on the system, including network sockets. This will help the investigator to determine which processes are accessing the network.
- ifconfig displays the network configuration of the laptop. This will help the investigator to determine the laptop's IP address and other network settings.
- who lists all users who are currently logged in to the laptop. This will help the investigator to identify who is using the laptop.
- ps lists all running processes on the laptop. This will help the investigator to identify which processes are running and what they are doing.
- ls lists the contents of the current directory. This will help the investigator to see what files are on the laptop.
- tcpdump captures network traffic. This will help the investigator to see what data is being sent and received by the laptop.

HeyacedoGomez (Option: D)

D is correct...