Computer Hacking Forensic Investigator (CHFI) Practice Exam

Question: 1 / 400

In the context of network connections, which command shows TCP and UDP connections along with their identifiers?

netstat -ano

The command that shows TCP and UDP connections along with their identifiers is indeed "netstat -ano." This command provides a comprehensive view of all active connections on a system, displaying the protocol being used (TCP or UDP), the local and remote addresses, the state of the connection, and importantly, the process ID (PID) associated with each connection.

The inclusion of the "-a" flag lists all connections and listening ports, "-n" ensures that the address and port numbers are shown in numerical form instead of resolving them to their names, and "-o" adds the ability to see the owning process ID associated with each connection. This information is crucial in forensic investigations as it allows investigators to trace back suspicious connections to specific applications or processes running on the system, facilitating a deeper analysis of potentially malicious activity.

In contrast, the other command options provide different useful information: "-b" shows the executable involved in creating each connection but does not include the PID, "-r" provides the routing table information, and "-s" offers statistics on the various protocols but does not list specific connections.

netstat -b

netstat -r

netstat -s
