Quizalize logo
placeholder image to represent content

Day 2 : FOR500 Quiz

Quiz by Gaurav Sharma

Feel free to use or edit a copy

includes Teacher and Student dashboards

Measure skills
from any curriculum

Tag the questions with any skills you have. Your dashboard will track each student's mastery of each skill.

With a free account, teachers can
  • edit the questions
  • save a copy for later
  • start a class game
  • automatically assign follow-up activities based on students’ scores
  • assign as homework
  • share a link with colleagues
  • print as a bubble sheet

Our brand new solo games combine with your quiz, on the same screen

Correct quiz answers unlock more play!

New Quizalize solo game modes
55 questions
Show answers
  • Q1
    What is a primary purpose of Windows Event Logs in forensic investigations?
    To manage system updates
    To maintain backup copies of files
    To store user password hashes
    To provide timestamps of system events
    30s
  • Q2
    Which Windows feature allows forensic investigators to access previous versions of files?
    Disk Cleanup
    Previous Versions
    System Restore
    File History
    30s
  • Q3
    What file system artifact is essential for analyzing recently accessed files in Windows?
    Prefetch folder
    Recycle Bin
    Pagefile
    User Assist registry key
    30s
  • Q4
    Which tool is commonly used for analyzing memory dumps in Windows forensics?
    EnCase
    Volatility
    Wireshark
    FTK Imager
    30s
  • Q5
    What is the significance of the Windows Pagefile in forensic investigations?
    It manages device drivers
    It stores user preferences
    It holds installation files
    It can contain remnants of deleted data
    30s
  • Q6
    Which of the following artifacts can be analyzed to determine the last shutdown time of a Windows system?
    Windows registry
    Prefetch files
    System event log
    Recovery partition
    30s
  • Q7
    What is the primary function of the Windows Prefetch feature?
    To speed up application launch times
    To backup system files
    To clean temporary files
    To monitor user activity
    30s
  • Q8
    Which of the following tools is specifically designed for analyzing NTFS file systems in a forensic context?
    Resource Hacker
    Windows Event Viewer
    FTK Imager
    Process Explorer
    30s
  • Q9
    In Windows forensics, what does the term 'Artifacts' refer to?
    Support files for applications
    Physical hardware components
    Backup disk images
    Residual data left by user activity
    30s
  • Q10
    What role does the Windows Registry play in digital forensics?
    Creates system backups
    Manages application installations
    Stores configuration settings and user preferences
    Maintains a file index
    30s
  • Q11
    Which Windows artifact provides information about user folder navigation and opened directories?
    $MFT
    Shellbags
    $UsnJrnl
    Prefetch
    30s
  • Q12
    What registry key provides evidence of USB devices connected to a Windows system?
    HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Shell
    30s
  • Q13
    Which event ID should be reviewed to confirm the creation of a new user account in the Security log?
    4624
    4720
    4670
    1102
    30s
  • Q14
    Which command would you use to list all available Volume Shadow Copies on a suspect system?
    wmic volume get shadowcopyid
    sc query vss
    vssadmin list shadows
    net share
    30s
  • Q15
    What is the primary purpose of the Amcache.hve file in forensic analysis?
    To log user logins
    To track application execution data, including file metadata and execution counts
    To record system errors
    To store browser history
    30s

Teachers give this quiz to your class