1. __________ was the first Windows operating system to support FAT32.
2. How many hives are in the Windows Registry?
1
2
5
8
3. Stack memory is stored in a first-in, last-out format.
True
False
4. Which of the following is a concern for capturing live data that is caused by data being changed as it is being captured?
Slurred image
Corrupt image
Data corruption
Memory fragmenting
5. In Windows 7, the swap file ends with what extension?
.sys
.swp
.swap
.vmem
6. You are examining a Windows 7 laptop. The suspect is accused of having illegal pornographic images on the laptop. The suspect insists that he did not know the images were on the laptop, so you decide to examine the Windows Registry to find evidence that he did access the folder in which the images are stored. Which of the following Registry keys would help you do this?
ShellBag
Prefetch
UserAssist
DeskIcon
LNK
7. Juan is working on a case involving an employee who has been accused of visiting sites that violate company policy. He feels certain that there will be plenty of evidence if he can extract the employee’s browser history. Where does Internet Explorer store history?
Registry
index.dat
Webcache.dat
history.dat
8. Ahmed is looking for Registry entries that reflect the settings of the last known good boot of a given Registry key. __________ could be what is known as the last known good control set, or the control set that last successfully booted Windows.
Controlset001
Controlset002
Currentcontrolset
Clone
9. Danielle is a forensic analyst with a private investigation firm. She has been asked to investigate a laptop that is suspected of being involved in the hacking of the organization’s server. Danielle wants to find all the values typed into the Run box in the Start menu. Which of the following Registry keys should she check to find this information?
UserAssist key
MountedDevices key
RunMRU key
TypedURLs key