After running rdisk /s to grab the backup SAM file, where should you navigate on the system to find the file?

Multiple Choice

After running rdisk /s to grab the backup SAM file, where should you navigate on the system to find the file?

Explanation:
The SAM file is a registry hive in which Windows stores security data, but it’s locked while the system is running. Forensic access is typically done from an offline or recovery state, where Windows provides a backup copy of the registry hives in a special repair area. That Repair folder (under the Windows install directory) is where the backup SAM is kept, so that is where you’d look to grab the copy you need. Therefore, the correct location is %systemroot%\repair. The other locations hold unrelated system files (for example, the etc folder contains hosts files, and the LSA-related folders are not the SAM backup location), so they wouldn’t contain the backup you’re after.
