Computer Hacking Forensic Investigator (CHFI v10) — Question 527
Adam, a forensic investigator, is investigating an attack on the Microsoft Exchange Server of a large organization. As the first step of the investigation, he examined the PRIV.EDB file and found the source from which the mail originated and the name of the file that disappeared upon execution. Now, he wants to examine the MIME stream content. Which of the following files is he going to examine?
Answer options
- A. PRIV.STM
- B. gwcheck.db
- C. PRIV.EDB
- D. PUB.EDB
Correct answer: A
Explanation
The correct answer is A. The PRIV.STM file contains the MIME stream content associated with emails, making it the right file for Adam to examine. The other options (gwcheck.db, PRIV.EDB, and PUB.EDB) do not contain the MIME stream data necessary for his investigation.