scenario
hard
Analyze
ir-process
2 points
Question 50. CSCD240-E1-C
IR runbook: capture terminal session output of every IR command. Name the command and why it matters for chain of custody.
Work the drill
Answer on paper or in a terminal before revealing the ideal answer.
Ideal answer
script <filename>. Starts a transcript of all keyboard input and terminal output. Matters because IR evidence must be reproducible and documentable — "what did the analyst type, and what did the system reply" is the chain-of-custody record.
Misconception bank
Each row below is a plausible wrong answer, the thinking that produces it, and the remedy that corrects the misconception. These are the foundation of the multiple-choice framing and the targeted feedback a student receives after answering.
history
Misconception. history only shows commands typed in the shell, not system output.
Remedy. history ≠ script. Different scope.
Authority mappings
Hover any chip for the mapping justification; click to open the authority record.
KU outcomes:
CO-O5-O1