Computer Hacking Forensic Investigator (CHFI v10) — Question 268

Steve, a forensic investigator, was asked to investigate an email incident in his organization. The organization has Microsoft Exchange Server deployed for email communications. Which among the following files will Steve check to analyze message headers, message text, and standard attachments?

Answer options

• A. PUB.EDB
• B. PRIV.EDB
• C. PUB.STM
• D. PRIV.STM

Correct answer: B

Explanation

Steve should check the PRIV.EDB file because it contains the mailbox data for users, including message headers and attachments. The PUB.EDB file holds public folder data, while the PUB.STM and PRIV.STM files are stream files that store content for the corresponding databases but do not contain the message data itself.