Network Security Administrator (NSA, legacy) — Question 5

What method of computer forensics will allow you to trace all ever-established user accounts on a Windows 2000 sever the course of its lifetime?

Answer options

• A. forensic duplication of hard drive
• B. analysis of volatile data
• C. comparison of MD5 checksums
• D. review of SIDs in the Registry

Correct answer: C

Explanation

The correct answer, comparison of MD5 checksums, is used for verifying data integrity but does not provide a method for tracing user accounts. Forensic duplication of hard drives captures data but does not track user accounts over time. Analysis of volatile data focuses on temporary data and does not provide historical account information. Reviewing SIDs in the Registry allows you to check user account information, making it the most relevant method for tracing user accounts.