A Trivia Quiz On Windows Forensics Analysis!

Reviewed by Editorial Team
The ProProfs editorial team is comprised of experienced subject matter experts. They've collectively created over 10,000 quizzes and lessons, serving over 100 million users. Our team includes in-house content moderators and subject matter experts, as well as a global network of rigorously trained contributors. All adhere to our comprehensive editorial guidelines, ensuring the delivery of high-quality content.
Learn about Our Editorial Process
| By Ahmednoor99
A
Ahmednoor99
Community Contributor
Quizzes Created: 1 | Total Attempts: 1,998
| Attempts: 2,039
Quiz Flashcard
SettingsSettings
Please wait...
  • 1/10 Questions

    Which of the below, is the name of one of the two logical root keys, that reside in the system hard drive of the Windows Registry?

    • HKEY_LOCAL_MAC
    • HKEY_LOCAL_SYSTEM
    • HKEY_LOCAL_MACHINE
    • HKEY_LOCAL_METRO
Please wait...
About This Quiz

Explore the intricacies of Windows Forensics through this engaging trivia quiz! Assess your knowledge on key concepts such as Windows Registry, ACPO principles, forensic processes, and significant artifacts. Ideal for learners aiming to enhance their digital forensic skills.

A Trivia Quiz On Windows Forensics Analysis! - Quiz

Quiz Preview

  • 2. 

    Which of the statements below, belong to the A.C.P.O Principles? 

    • The person in charge of the investigation (case officer) holds no responsibility whatsoever, for ensuring that the law and these principles are adhered to.

    • An audit trail or other record of all processes applied to computer-based electronic evidence should be created and preserved. An indepedent third party should be able to examine those processes and achieve the same result.

    • No action taken by law enforcement agencies or their agents should change data held on a computer or storage media, which may subsequently be relied upon in court.

    • In exceptional circumstances, where a person finds it necessary to access original data held on a computer or storage media, that person is able to do so, regardless of their qualifications or digital forensic knowledge.

    Correct Answer(s)
    A. An audit trail or other record of all processes applied to computer-based electronic evidence should be created and preserved. An indepedent third party should be able to examine those processes and achieve the same result.
    A. No action taken by law enforcement agencies or their agents should change data held on a computer or storage media, which may subsequently be relied upon in court.
    Explanation
    The given answer is correct because it includes two statements that belong to the A.C.P.O Principles. The first statement emphasizes the importance of creating and preserving an audit trail or record of all processes applied to computer-based electronic evidence, which allows an independent third party to examine those processes and achieve the same result. This aligns with the A.C.P.O Principles of maintaining a clear and transparent chain of custody for digital evidence. The second statement highlights the principle that no action should be taken by law enforcement agencies or their agents that could alter the data held on a computer or storage media, as this data may be relied upon in court. This reflects the A.C.P.O Principle of ensuring the integrity and preservation of digital evidence.

    Rate this question:

  • 3. 

    The Examination & Analysis stage is completed before the Collection & Preservation stage, of the Forensic Process.

    • True

    • False

    Correct Answer
    A. False
    Explanation
    The Examination & Analysis stage is not completed before the Collection & Preservation stage in the Forensic Process. The Collection & Preservation stage is typically the first step in the forensic process, where evidence is collected, documented, and properly preserved to maintain its integrity. Once this stage is complete, the evidence is then examined and analyzed in the subsequent stage. Therefore, the correct answer is False.

    Rate this question:

  • 4. 

    Which of the following are Registry data types? 

    • REG_DWORD

    • REG_WINDOWS

    • REG_HEX

    • REG_SZ

    • REG_BINARY

    • REG_NONE

    Correct Answer(s)
    A. REG_DWORD
    A. REG_SZ
    A. REG_BINARY
    A. REG_NONE
    Explanation
    Registry data types are used to define the type of data stored in the Windows registry. REG_DWORD is a data type for storing 32-bit integers. REG_SZ is a data type for storing strings. REG_BINARY is a data type for storing binary data. REG_NONE is a data type for storing data with no particular type. Therefore, the correct answer is REG_DWORD, REG_SZ, REG_BINARY, and REG_NONE.

    Rate this question:

  • 5. 

    What is the file extension name for the Setup logs in Windows 7 (Windows logs)?

    • .log

    • .etl

    • .stp

    • .set

    Correct Answer
    A. .etl
    Explanation
    The file extension name for the Setup logs in Windows 7 (Windows logs) is .etl.

    Rate this question:

  • 6. 

    What is the name of one of the most forensically significant Internet Explorer artifacts?

    • Index.bat

    • Index.data

    • Index.dta

    • Index.dat

    Correct Answer
    A. Index.dat
    Explanation
    Index.dat is one of the most forensically significant Internet Explorer artifacts. This file is a hidden system file that contains information about the websites visited, cookies, and cached data. It is commonly found in the Temporary Internet Files folder and can provide valuable evidence in forensic investigations related to internet browsing activities.

    Rate this question:

  • 7. 

    Thumbnails are graphical images that represent a file or directory.

    • True

    • False

    Correct Answer
    A. True
    Explanation
    Thumbnails are indeed graphical images that represent a file or directory. They are usually smaller versions of the original image or icon, providing a visual preview or representation of the content. These thumbnails are commonly used in file browsers, image galleries, and other applications to give users a quick overview of the files or directories without having to open them. Therefore, the given answer "True" is correct.

    Rate this question:

  • 8. 

    What is the name of the style given to the Windows 8 GUI (graphical user interface)?

    • Mento

    • Metro

    • Motto

    • Micro

    Correct Answer
    A. Metro
    Explanation
    Metro is the correct answer because it is the name of the style given to the Windows 8 GUI. Metro is characterized by its clean, minimalist design, with bold colors, typography, and a focus on content. It was designed to be simple, intuitive, and touch-friendly, allowing users to easily navigate and interact with the operating system.

    Rate this question:

  • 9. 

    What are the names of the two paging files used in Windows 8? 

    • Swapfile.sys

    • Virtualmem.sys

    • Pagingfile.sys

    • Pagefile.sys

    • Pagefile2.sys

    Correct Answer(s)
    A. Swapfile.sys
    A. Pagefile.sys
    Explanation
    In Windows 8, the two paging files used are swapfile.sys and pagefile.sys. These files are used by the operating system to temporarily store data that cannot fit in the physical memory (RAM). The swapfile.sys file is responsible for managing the system's paging file on the boot drive, while the pagefile.sys file is used to store paging data for each individual user on the system. These paging files play a crucial role in optimizing memory usage and ensuring smooth system performance.

    Rate this question:

  • 10. 

    The $Recycle.Bin folder is located within the Windows. old directory, which is accessible once a machine has been Refreshed, in Windows 8.

    • True

    • False

    Correct Answer
    A. True
    Explanation
    The $Recycle.Bin folder is indeed located within the Windows.old directory. This directory is accessible after a machine has been refreshed in Windows 8. Therefore, the statement "The $Recycle.Bin folder is located within the Windows.old directory, which is accessible once a machine has been Refreshed, in Windows 8" is true.

    Rate this question:

Quiz Review Timeline (Updated): Mar 21, 2023 +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 21, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Feb 26, 2013
    Quiz Created by
    Ahmednoor99

Related Topics

Featured Quizzes

What Is My Ethnicity? Let's Take Ethnicity Quiz What Is My Ethnicity? Let's Take Ethnicity Quiz
Are You Ready For IQ Quiz: Test Your Intelligence Now Are You Ready For IQ Quiz: Test Your Intelligence Now
What Ethnicity Do I Look Like? What Ethnicity Do I Look Like?
Best Friend Quiz: Are You Really Best Friends? Best Friend Quiz: Are You Really Best Friends?
What Is My Talent? What Is My Talent?
Harry Potter House Quiz: Which Hogwarts House Do You Belong To? Harry Potter House Quiz: Which Hogwarts House Do You Belong To?
Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.