Digital Forensic Certification Practice Exam 2025 – Comprehensive Test Preparation

Question: 1 / 400

Which command is used to gather information about files opened by an intruder during a remote login?

net file

The command that is used to gather information about files opened by an intruder during a remote login is "net file." This command is utilized in Windows environments to display a list of open files on a server. It provides details such as the file ID, the user who has the file open, and the access type. This can be crucial for forensic analysts trying to identify unauthorized access or activities on a system.

The other available commands have different primary functions: "tasklist" displays a list of currently running processes, which is useful for monitoring applications and processes on a system but does not specifically indicate which files are open. The "dir" command is used to list the contents of a directory, providing information about files and directories within a specific path but lacking details on access. "netstat" provides information regarding active network connections and listening ports, which may help in identifying whether a remote login session exists, but it does not indicate what files are being accessed or manipulated.

Thus, "net file" is the most appropriate command for ascertaining which files are open and potentially being exploited by an unauthorized user during remote access sessions.

tasklist

dir

netstat
