Question 1 (medium, multiple choice)
CHFI Malware Forensics • Complete Question Bank
Complete CHFI Malware Forensics question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit.

C:\> fls -f ntfs -o 2048 image.dd
r/r 4-128-3: $AttrDef
r/r 8-128-2: $BadClus
r/r 6-128-2: $Bitmap
r/r 7-128-1: $Boot
r/r 11-128-3: $Extend
r/r 2-128-1: $LogFile
r/r 0-128-1: $MFT
r/r 1-128-1: $MFTMirr
r/r 9-128-8: $Secure
r/r 10-128-1: $UpCase
r/r 3-128-3: $Volume
r/r 108-128-2: Users
r/r 109-128-3: ProgramData
r/r 110-128-2: Windows
r/r 111-128-1: Program Files
r/r 112-128-1: Program Files (x86)
V/V 113-128-1: $OrphanFiles
r/r 114-128-3: autoexec.bat
r/r 115-128-1: config.sys

Refer to the exhibit.

C:\Users\Admin> sc query | findstr /i "service"
SERVICE_NAME: WinDefend
DISPLAY_NAME: Windows Defender Antivirus Service
STATE: 4 RUNNING

C:\Users\Admin> tasklist /svc
Image Name             PID Services
================= ======== ============================================
svchost.exe           1234 WinDefend
svchost.exe           5678 BFE, MpsSvc
services.exe          4321

C:\Users\Admin> netstat -ano | findstr :4444
TCP 0.0.0.0:4444 0.0.0.0:0 LISTENING 4321

Refer to the exhibit.

C:\> tasklist /svc
Image Name                     PID Services
========================= ======== ============================================
svchost.exe                   1236 CryptSvc, Dnscache, LmHosts, EventSystem
svchost.exe                   1344 W32Time, WdiServiceHost
svchost.exe                    768 BFE, MpsSvc
notepad.exe                   1456 N/A
svchost.exe                    524 SessionEnv, TermService, UmRdpService
rundll32.exe                  1500 N/A

C:\> netstat -ano | findstr :4444
TCP 0.0.0.0:4444 0.0.0.0:0 LISTENING 1500

C:\> wmic process where processid=1500 get executablepath
ExecutablePath
C:\Windows\System32\rundll32.exe

Image files (BMP, PNG)
Audio files (WAV, MP3)
GIF images
JPEG images
Plain text or documents