Computer Hacking Forensic Investigator (CHFI v10) — Question 271
Ronald, a forensic investigator, has been hired by a financial services organization to investigate an attack on their MySQL database server, which is hosted on a Windows machine named WIN-DTRAI83202X. Ronald wants to retrieve information on the changes that have been made to the database. Which of the following files should Ronald examine for this task?
Answer options
- A. WIN-DTRAI83202X-bin.nnnnnn
- B. WIN-DTRAI83202Xslow.log
- C. relay-log.info
- D. WIN-DTRAI83202Xrelay-bin.index
Correct answer: A
Explanation
The correct answer is A: the binary log file (WIN-DTRAI83202X-bin.nnnnnn) records all changes made to the MySQL database, which makes it essential for tracking modifications. The other options may contain useful information, but they do not log all changes the way the binary log does.