After running rdisk /s to grab the backup SAM file, where should you navigate on the system to find the file?

Enhance your knowledge as a Computer Hacking Forensic Investigator with the CHFI v11 Test. Use flashcards and multiple-choice questions, complete with hints and detailed explanations, to prepare effectively and ace your exam!


Explanation:
The SAM file is a registry hive in which Windows stores security data, and it is locked while the system is running. Forensic access is therefore typically done from an offline or recovery state, where Windows provides a backup copy of the registry hives in a special repair area. That Repair folder (under the Windows install directory) is where the backup SAM is kept, so that is where you look for the copy you need. The correct location is therefore %systemroot%\repair. The other locations hold unrelated system files (for example, the etc folder contains hosts files, and the LSA-related folders are not the SAM backup location), so they would not contain the backup you are after.

