Exam CFR-310
Question 22

A security investigator has detected an unauthorized insider reviewing files containing company secrets. Which of the following commands could the investigator use to determine which files have been opened by this user?

    Correct Answer: B

    The 'lsof' command is used to list open files in a system. It shows files that are currently in use by processes, which would include any files opened by a user. This command is particularly useful for identifying files that have been accessed, making it the most appropriate choice for the security investigator trying to determine which files have been opened by the unauthorized user.

Discussion
Wutan
Option: B

The answer is B. lsof. The lsof command is a Linux command that lists all open files on the system. This includes files that are opened by processes, sockets, and other file descriptors. In this case, the security investigator can use the lsof command to determine which files have been opened by the unauthorized insider.
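
As an added example (not part of the original question or discussion), the shell function below reduces lsof's machine-readable field output (`-F pcftn`) for one user to the regular files that user's processes hold open. The account name `jdoe`, the function names and the sample data are constructed assumptions.

```shell
# Added example: summarise `lsof -F pcftn` field output into one line per
# regular file: PID, command, descriptor, path (tab separated).
# Live use (assumed account name "jdoe"):
#   lsof -u jdoe -F pcftn | open_regular_files
open_regular_files() {
    awk '
        /^p/ { pid = substr($0, 2); cmd = ""; next }   # new process set
        /^c/ { cmd = substr($0, 2); next }
        /^f/ { fd = substr($0, 2); type = ""; next }   # new file set
        /^t/ { type = substr($0, 2); next }
        /^n/ {                                          # name closes the file set
            if (type == "REG")
                printf "%s\t%s\t%s\t%s\n", pid, cmd, fd, substr($0, 2)
        }
    '
}

# Constructed sample of field output (not captured from a real host).
sample_lsof_output() {
    cat <<'EOF'
p4211
cbash
fcwd
tDIR
n/home/jdoe
f255
tCHR
n/dev/pts/3
p4390
cless
f4
tREG
n/srv/finance/Q3 forecast.xlsx
p4402
cvim
f3
tREG
n/srv/legal/merger-draft.docx
f5
tIPv4
n10.0.0.5:50122->10.0.0.9:22
EOF
}

sample_lsof_output | open_regular_files
```

lsof reports only descriptors that are open at the moment it runs, so a file the user has already closed will not appear in this output.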