GCFE Exam Questions

What forensic value does the analysis of 'link files' (.lnk) offer?

What role do 'system snapshots' play in forensic analysis of file activities?

Why is live data acquisition important in some forensic investigations?

Which event log is most useful for tracking user login attempts and potential unauthorized access?

What forensic value do Windows registry hives offer in the context of system analysis?

What is the significance of the Recycle Bin in forensic investigations of user activity?

What type of information does the analysis of Flash cookies (LSOs) typically yield in browser forensics?

You are investigating a case of data theft from a corporate server. The suspect accessed the server using a shared account. Which forensic techniques should you use to prove the su...

A forensic investigator needs to track USB devices connected to a corporate laptop involved in intellectual property theft. What steps should the investigator take to gather this e...

Which two user artifacts are critical for understanding a user's browsing habits?

What is the significance of 'shadow copies' in Windows in a forensic investigation?

Which Windows artifact stores details about USB devices that were plugged into a system?

What does the $MFT primarily track on NTFS systems?

Which Windows log contains failed and successful logon attempts?

What is the forensic relevance of 'alternate data streams' in NTFS filesystems?

Which of the following browser artifacts can help identify the websites visited by a user?

In the context of system and device analysis, why is 'network traffic monitoring' crucial?

Why is the 'Last Known Good Configuration' data important in forensic analysis of Windows systems?

Which of the following are critical artifacts for tracking user access to files in cloud storage applications like Dropbox and Google Drive? (Choose Two)

When analyzing browser data in Google Chrome, which files are useful for understanding download history? (Choose Two)

For forensic analysis, which file in Chrome provides insights into user actions regarding file downloads?

Which artifacts are essential for identifying URLs that were typed manually by a user during a browsing session? (Choose Two)

In digital forensics, why is the analysis of 'environment variables' crucial?

What type of forensic data can be extracted from a browser's cache?

You are investigating suspicious emails sent from a company employee's account. The employee denies sending them. What forensic techniques would you use to investigate the authenti...

What can be inferred from analyzing the 'Deleted Items' folder in email applications in a forensic context?

Which two artifacts are essential for tracking file access and modification times on a Windows system?

Which of the following is a primary forensic artifact found in web browsers that can help in identifying user activities?

What can be inferred from the analysis of 'executable files' in a digital forensic investigation? (Choose Two)

A forensic investigator is analyzing a Windows system suspected of containing malware. The user claims they did not install any suspicious programs. Which artifacts would you analy...

Which artifact is typically used to determine application execution on Windows?

The Windows Recycle Bin stores deleted file metadata in which file?

Which browser artifact contains visited URLs and download history for Microsoft Edge/IE?

What Windows Registry hive would you analyze for user-specific evidence?

Which of the following artifacts from cloud storage services is most valuable in determining when a file was uploaded to the cloud?

How can the analysis of 'file metadata' aid in understanding the timeline of events on a system?

What role does the Master File Table (MFT) play in the forensic analysis of NTFS filesystems?

Which Windows artifact is primarily used to store metadata about files, including the file creation and modification times?

How does analyzing 'file access times' contribute to forensic investigations?

In the context of digital forensics, how does analyzing 'log files' of a program help in an investigation?

What is the primary purpose of Windows event logs in the context of digital forensics?

How does examining 'startup folder contents' help in forensic investigations?

What is the primary purpose of creating a forensic image of a hard drive?

Why is the analysis of 'boot logs' critical in digital forensics?

How can an analyst use 'security logs' to detect unauthorized access attempts?

How do forensic analysts use slack space in the context of digital investigations?

What does the analysis of the 'Index.dat' file provide in Internet Explorer browser forensics?

An examiner wants to identify persistence via Run keys. Which Registry location should they check?

Which timeline artifact records the time files were created, accessed, modified and changed?

Which forensic imaging principle maintains data integrity?