Computer Hacking Forensic Investigator (CHFI v10) — Question 115

Gill is a computer forensics investigator who has been called upon to examine a seized computer. This computer, according to the police, was used by a hacker who gained access to numerous banking institutions to steal customer information. After preliminary investigations, Gill finds in the computer's log files that the hacker was able to gain access to these banks through the use of Trojan horses. The hacker then used these Trojan horses to obtain remote access to the companies' domain controllers. From this point, Gill found that the hacker pulled off the SAM files from the domain controllers to then attempt and crack network passwords. What is the most likely password cracking technique used by this hacker to break the user passwords from the SAM files?

Answer options

• A. Syllable attack
• B. Hybrid attack
• C. Brute force attack
• D. Dictionary attack

Correct answer: D

Explanation

The hacker likely used a Dictionary attack because this method involves using a pre-defined list of words or phrases to guess passwords, which aligns with the extraction of SAM files that usually contain common passwords. The other options, such as Syllable, Hybrid, and Brute force attacks, while valid techniques, do not specifically target the type of password cracking that would be most efficient given the context of the SAM files.