Virtual Labs

Tools

Aim

Theory

Pretest

Procedure

Simulation

Posttest

References

Feedback

Aim

Theory

Pretest

Procedure

Simulation

Posttest

References

Feedback

Master File Table

Choose difficulty:

Beginner

Intermediate

Advanced

After deleting a file in an NTFS file system, how can you still recover its content?

a: By using the file's last access date Explanation

Explanation

b: By restoring the file from the Recycle Bin Explanation

Explanation

c: By locating the $DATA attribute in the Master File Table (MFT) Explanation

Explanation

d: By running a disk defragmentation Explanation

Explanation

What is a key forensic use of the Alternate Data Streams (ADS) in an NTFS file system?

a: To increase the speed of file access Explanation

Explanation

b: To hide additional data or malicious content within a file Explanation

Explanation

c: To compress files automatically Explanation

Explanation

d: To store file permissions Explanation

Explanation

What is the importance of extracting the Master File Table (MFT) from a file system image during forensic analysis?

a: To identify suspicious files and track file activity Explanation

Explanation

b: To format the drive for future use Explanation

Explanation

c: To increase the size of the file system Explanation

Explanation

d: To reduce the number of files on the system Explanation

Explanation

Community Links Sakshat Portal Outreach Portal FAQ: Virtual Labs

AGPL 3.0 & Creative Commons (CC BY-NC-SA 4.0)