Question
Assume there is a file named myfile.txt in C: drive that contains hidden data streams. Which of the following commands would you issue to display the contents of a data stream?
A. echo text > program:source_file
B. C:\>ECHO text_message > myfile.txt:stream1
C. C:\MORE < myfile.txt:stream1
D. myfile.dat:stream1
Answer
C. C:\MORE < myfile.txt:stream1
Explanation
The correct answer is C. C:\MORE < myfile.txt:stream1
A data stream is a sequence of bytes that can be attached to a file or a directory on an NTFS file system. Data streams are also known as alternate data streams (ADS) because they are hidden from normal view and can store additional information that is not visible in the main data stream of the file or directory.
To display the contents of a data stream, one can use the MORE command, which is a built-in Windows utility that displays one screen of output at a time. The MORE command can take input from a file or from the standard input (stdin). The syntax for using MORE with a file is:
MORE < filename
The syntax for using MORE with stdin is:
command | MORE
where command is any command that produces output to stdout.
In this question, the file myfile.txt has a hidden data stream named stream1, which can be accessed by using the colon (:) separator after the file name. To display the contents of this data stream, one can use the MORE command with the redirection operator (<), which redirects the input from a file to stdin. The command would be:
C:\MORE < myfile.txt:stream1
This command will display the contents of stream1 on the screen, one page at a time.
The other options are incorrect because:
A. echo text > program:source_file
This command will create a new file named program and write the text “text” to its main data stream. It will not display any existing data stream.
B. C:\>ECHO text_message > myfile.txt:stream1
This command will create or overwrite a data stream named stream1 in myfile.txt and write the text “text_message” to it. It will not display any existing data stream.
D. myfile.dat:stream1
This is not a valid command, but rather a file name with a data stream name. It will not display anything on the screen.
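The following PowerShell sketch is an added example, not part of the original question or its explanation. It goes one step beyond option C by first listing every named stream under a folder, which is what an examiner needs before the stream name is known, and then reading stream1. It assumes Windows PowerShell 3.0 or later and an NTFS volume; the scratch folder ads-demo and the function name Find-AlternateStream are hypothetical, and the sample file is constructed.

```powershell
# Added example. Assumes Windows PowerShell 3.0+ and that %TEMP% is on NTFS.
# Constructed sample data: a scratch folder holding myfile.txt with a stream named stream1.
$root = Join-Path $env:TEMP 'ads-demo'        # hypothetical scratch location
New-Item -ItemType Directory -Path $root -Force | Out-Null
$file = Join-Path $root 'myfile.txt'
Set-Content -LiteralPath $file -Value 'visible contents'
Set-Content -LiteralPath $file -Stream 'stream1' -Value 'text_message'

# Hypothetical helper: report every named (alternate) stream below $Path.
function Find-AlternateStream {
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $target = $_.FullName
            # -Stream * returns one object per stream; ':$DATA' is the unnamed main stream.
            Get-Item -LiteralPath $target -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    [pscustomobject]@{
                        File    = $target
                        Stream  = $_.Stream
                        Bytes   = $_.Length
                        # First line only; a binary stream will show as unreadable text.
                        Preview = Get-Content -LiteralPath $target -Stream $_.Stream -TotalCount 1
                    }
                }
        }
}

# List the hidden streams, then show one in full (the PowerShell counterpart of
# MORE < myfile.txt:stream1).
Find-AlternateStream -Path $root | Format-Table -AutoSize
Get-Content -LiteralPath $file -Stream 'stream1'

# Remove the constructed sample data.
Remove-Item -LiteralPath $root -Recurse -Force
```

In cmd.exe, DIR /R gives a comparable listing of stream names and sizes for the current directory.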
EC-Council Computer Hacking Forensic Investigator CHFI 312-49v10 certification exam practice question and answer (Q&A) with detailed explanation and reference, available free to help you pass the CHFI 312-49v10 exam and earn the certification.