A Trivia Quiz On Windows Forensics Analysis!

Approved & Edited by ProProfs Editorial Team
By Ahmednoor99
Questions: 10 | Attempts: 1,918



Questions and Answers
  • 1. Which of the following is the name of one of the two logical root keys of the Windows Registry that reside on the system's hard drive?

    • A. HKEY_LOCAL_MAC
    • B. HKEY_LOCAL_SYSTEM
    • C. HKEY_LOCAL_MACHINE
    • D. HKEY_LOCAL_METRO

    Correct Answer
    C. HKEY_LOCAL_MACHINE
    Explanation
    HKEY_LOCAL_MACHINE and HKEY_USERS are the two logical root keys on the system's hard drive.

  • 2. Which of the statements below belong to the A.C.P.O Principles?

    • A. The person in charge of the investigation (case officer) holds no responsibility whatsoever for ensuring that the law and these principles are adhered to.
    • B. An audit trail or other record of all processes applied to computer-based electronic evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result.
    • C. No action taken by law enforcement agencies or their agents should change data held on a computer or storage media, which may subsequently be relied upon in court.
    • D. In exceptional circumstances, where a person finds it necessary to access original data held on a computer or storage media, that person is able to do so, regardless of their qualifications or digital forensic knowledge.

    Correct Answer(s)
    B. An audit trail or other record of all processes applied to computer-based electronic evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result.
    C. No action taken by law enforcement agencies or their agents should change data held on a computer or storage media, which may subsequently be relied upon in court.
    Explanation
    The given answer is correct because it includes two statements that belong to the A.C.P.O Principles. The first statement emphasizes the importance of creating and preserving an audit trail or record of all processes applied to computer-based electronic evidence, which allows an independent third party to examine those processes and achieve the same result. This aligns with the A.C.P.O Principles of maintaining a clear and transparent chain of custody for digital evidence. The second statement highlights the principle that no action should be taken by law enforcement agencies or their agents that could alter the data held on a computer or storage media, as this data may be relied upon in court. This reflects the A.C.P.O Principle of ensuring the integrity and preservation of digital evidence.

  • 3. The Examination & Analysis stage of the Forensic Process is completed before the Collection & Preservation stage.

    • A. True
    • B. False

    Correct Answer
    B. False
    Explanation
    The Examination & Analysis stage is not completed before the Collection & Preservation stage in the Forensic Process. The Collection & Preservation stage is typically the first step in the forensic process, where evidence is collected, documented, and properly preserved to maintain its integrity. Once this stage is complete, the evidence is then examined and analyzed in the subsequent stage. Therefore, the correct answer is False.

  • 4. Which of the following are Registry data types?

    • A. REG_DWORD
    • B. REG_WINDOWS
    • C. REG_HEX
    • D. REG_SZ
    • E. REG_BINARY
    • F. REG_NONE

    Correct Answer(s)
    A. REG_DWORD
    D. REG_SZ
    E. REG_BINARY
    F. REG_NONE
    Explanation
    Registry data types are used to define the type of data stored in the Windows registry. REG_DWORD is a data type for storing 32-bit integers. REG_SZ is a data type for storing strings. REG_BINARY is a data type for storing binary data. REG_NONE is a data type for storing data with no particular type. Therefore, the correct answer is REG_DWORD, REG_SZ, REG_BINARY, and REG_NONE.

  • 5. What is the file extension name for the Setup logs in Windows 7 (Windows logs)?

    • A. .log
    • B. .etl
    • C. .stp
    • D. .set

    Correct Answer
    B. .etl
    Explanation
    The file extension name for the Setup logs in Windows 7 (Windows logs) is .etl.

  • 6. What is the name of one of the most forensically significant Internet Explorer artifacts?

    • A. Index.bat
    • B. Index.data
    • C. Index.dta
    • D. Index.dat

    Correct Answer
    D. Index.dat
    Explanation
    Index.dat is one of the most forensically significant Internet Explorer artifacts. This file is a hidden system file that contains information about the websites visited, cookies, and cached data. It is commonly found in the Temporary Internet Files folder and can provide valuable evidence in forensic investigations related to internet browsing activities.

  • 7. Thumbnails are graphical images that represent a file or directory.

    • A. True
    • B. False

    Correct Answer
    A. True
    Explanation
    Thumbnails are indeed graphical images that represent a file or directory. They are usually smaller versions of the original image or icon, providing a visual preview or representation of the content. These thumbnails are commonly used in file browsers, image galleries, and other applications to give users a quick overview of the files or directories without having to open them. Therefore, the given answer "True" is correct.

  • 8. What is the name of the style given to the Windows 8 GUI (graphical user interface)?

    • A. Mento
    • B. Metro
    • C. Motto
    • D. Micro

    Correct Answer
    B. Metro
    Explanation
    Metro is the correct answer because it is the name of the style given to the Windows 8 GUI. Metro is characterized by its clean, minimalist design, with bold colors, typography, and a focus on content. It was designed to be simple, intuitive, and touch-friendly, allowing users to easily navigate and interact with the operating system.

  • 9. What are the names of the two paging files used in Windows 8?

    • A. Swapfile.sys
    • B. Virtualmem.sys
    • C. Pagingfile.sys
    • D. Pagefile.sys
    • E. Pagefile2.sys

    Correct Answer(s)
    A. Swapfile.sys
    D. Pagefile.sys
    Explanation
    In Windows 8, the two paging files used are swapfile.sys and pagefile.sys. These files are used by the operating system to temporarily store data that cannot fit in the physical memory (RAM). The swapfile.sys file is responsible for managing the system's paging file on the boot drive, while the pagefile.sys file is used to store paging data for each individual user on the system. These paging files play a crucial role in optimizing memory usage and ensuring smooth system performance.

  • 10. In Windows 8, the $Recycle.Bin folder is located within the Windows.old directory, which is accessible once a machine has been Refreshed.

    • A. True
    • B. False

    Correct Answer
    A. True
    Explanation
    The $Recycle.Bin folder is indeed located within the Windows.old directory. This directory is accessible after a machine has been refreshed in Windows 8. Therefore, the statement "The $Recycle.Bin folder is located within the Windows.old directory, which is accessible once a machine has been Refreshed, in Windows 8" is true.

Quiz Review Timeline

  • Current Version
  • Mar 21, 2023: Quiz edited by ProProfs Editorial Team
  • Feb 26, 2013: Quiz created by Ahmednoor99
