What form of attack involves an employee using portable devices to extract data?

The correct answer is the form of attack known as pod slurping, which specifically refers to the unauthorized extraction of data from a computer or network using portable devices, such as USB flash drives. In this scenario, an employee connects a portable storage device to a workstation to illicitly copy sensitive data. This technique leverages physical access to systems, making it a distinct threat, especially in environments where data security policies may not sufficiently account for physical access controls.

Privilege escalation involves gaining higher access rights than previously held, typically through exploiting software flaws or configuration oversights, rather than directly extracting data. Planting keyloggers refers to the act of installing a device or software that captures keystrokes to steal information, but it focuses on monitoring rather than physical extraction of data. Tailgating describes the act of an unauthorized person following an authorized individual into a secured area, which relates more to gaining access rather than directly extracting data. Therefore, in the context of extracting data using portable devices, pod slurping is the most accurate answer.