
GCFE · Question #30

GCFE Question #30: Real Exam Question with Answer & Explanation

The correct answer is A. Recycle Bin, D. File metadata, and E. RecentDocs registry key. See the full explanation below for the reasoning.

Question

During a forensic investigation, you need to determine if a user intentionally deleted files to hide evidence. Which artifacts would you analyze to confirm this? (Choose three)

Options

  • A. Recycle Bin
  • B. Prefetch files
  • C. NTUSER.DAT
  • D. File metadata
  • E. RecentDocs registry key
