ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-49v10 All Questions

View all questions & answers for the 312-49v10 exam
Go to Exam

Exam 312-49v10 topic 1 question 61 discussion

Actual exam question from ECCouncil's 312-49v10
Question #: 61
Topic #: 1
[All 312-49v10 Questions]

What method of computer forensics will allow you to trace all ever-established user accounts on a Windows 2000 sever the course of its lifetime?

  • A. forensic duplication of hard drive
  • B. analysis of volatile data
  • C. comparison of MD5 checksums
  • D. review of SIDs in the Registry
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by spitfire at Nov. 8, 2021, 8:47 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
ctaregistro
Highly Voted 2 years, 6 months ago
D. review of SIDs in the Registry
upvoted 7 times
...
spitfire
Highly Voted 2 years, 8 months ago
anyone can explain why the answer is checking MD5? my only thought is only checking the MD5 to compare passwords but that sounds trivial. most probable answer is checking SIDs through registry
upvoted 6 times
AspiringScriptKiddie
2 years, 4 months ago
it's not. It's an error.
upvoted 4 times
...
...
044f354
Most Recent 4 months ago
Selected Answer: D
D. review of SIDs in the Registry Citation: EC Council Official Curricula Computer Hacking Forensic Investigator https://bookshelf.vitalsource.com/reader/books/9781635676969/ Module 06 Pages 594-595 "HKEY_USERS, abbreviated as HKU, contains information about all the currently active user profiles on the computer. Each registry key under HKEY_USERS hive relates to a user on the computer, which is named after the user security identifier (SID). The registry keys and registry values under each SID control the user specific mapped drives, installed printers, environmental variables, and so on."
upvoted 1 times
...
YonGCybeR
8 months ago
Selected Answer: D
Examtopics please take note of all the answer and comment when users did. Obviously the answer provided by examtpoic were wrong but after the first comment until now the answer still no changes at all. Quite upset since a lot of people buying this for study and exam use but the answer could be so many errors and non-updated.
upvoted 4 times
...
torabi123
8 months ago
Registry Analysis: The Windows Registry can contain information about user accounts and their profiles. You can examine the registry to find historical data about user accounts, especially in the "HKEY_LOCAL_MACHINE\SAM" and "HKEY_LOCAL_MACHINE\SOFTWARE" hives. In Windows 2000 Server, the Security Identifier (SID) for the local machine can be found in the Windows Registry. The SID is a unique identifier for a Windows system, and it is stored in the registry in the following location: "HKEY_LOCAL_MACHINE\SECURITY\SAM\Domains\Account" Inside the "Account" key, you will find a subkey named "Users." Within the "Users" key, you can locate a list of user accounts and their corresponding SIDs. The SIDs for user accounts are stored as registry values, and you can identify them by looking at the data associated with these values. --> review of SIDs in the Registry
upvoted 2 times
...
redmonkeyprism
1 year ago
Selected Answer: D
SIDs makes sense. 6 of us agree. Wish they'd update this.
upvoted 4 times
...
sampb
2 years, 1 month ago
D. Review of SIDs in the Registry
upvoted 5 times
...
K3nz0420
2 years, 4 months ago
D. review of SIDs in the Registry
upvoted 5 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel