Computer Hacking Forensic Investigator (CHFI) — Question 6

What method of computer forensics will allow you to trace all ever-established user accounts on a Windows 2000 sever the course of its lifetime?

Answer options

• A. forensic duplication of hard drive
• B. analysis of volatile data
• C. comparison of MD5 checksums
• D. review of SIDs in the Registry

Correct answer: D

Explanation

The correct answer is D, as reviewing SIDs in the Registry allows for the identification of all user accounts that have been established on the server. Options A and B do not specifically target user account tracing, while option C deals with data integrity verification rather than user account history.