CHFI study guide Rated 100% Correct!!

What is the first step required in preparing a computer for forensics investigation? - Do not turn the computer off or on, run any programs, or attempt to access data on a computer. True or false? Network forensics can be defined as the sniffing, recording, acquisition and analysis of the network traffic and event logs in order to investigate a network security incident. - True What command shows you the names of all open shared files on a server and number of file locks on each file? - Net file What file contains records that correspond to each deleted file in the Recycle bin? - INFO2 file Which email header specifies an address for mailer-generated errors? - Errors-To header What command shows you all of the network services running on Windows-based servers? - Net start True or false? Email archiving is a systematic approach to save and protect the data contained in emails so that it can tie easily accessed at a later date. - True What command shows you the NetBIOS name table cache - nbtstat -n Where is the SAM file in windows located? - C:windowssystem32configSAM What is the maximum drive size supported for FAT32? - 2 terabytesIn which step of the computer forensics investigation methodology would you run MD5 checksum on the evidence? - Acquire the data