$1.$ What$$s the volume serial number of the GCFI$-$Bart$\_$Jones.E$01$ image? Hint: In FTK Imager, click the $$GCFI$-$bj$01[$NTFS$]$ folder at the left. Then examine the $$Properties$$ pane at bottom left. Also, if the pane at the bottom left shows $$Custom Content Sources$$ pane, you need to click the $$Properties$$ tab at the very bottom to show the $$Properties$$ pane.

$1.$ FIRESTARTER

$2.2,056,257$

$3.184$E$-912$E

$4.$ Can$$t be determined from the evidence

$2.$ What date was the root folder in the GCFI$-$Bart$\_$Jones.E$01$ image last accessed? Hint: In FTK Imager, click the $$root$$ folder at the left and then review the $$Date Modified$$ column at the right.

$1.3/22/2009$

$2.4/25/2017$

$3.1/31/2004$

$4.5/22/2018$

$3.$ What deleted Office files were found in the GCFI$-$Bart$\_$Jones.E$01$ image$$s RECYCLED BIN folder? Hint: these files are in the $$Plans$$ folder in the screenshot below.

$1.!$ATE$1.$XLS

$2.$ CV$.$DOC

$3.$ Burninator$1.$docx, Burninator$2.$doc, Burninator$3.$doc, and Burninator$4.$doc

$4.$ Special Project A$-$Victor$-$rev$01.$docx, Special Project A$-$Whiskey$-$rev$01.$docx, Special Project A$-$Xray$-$rev$01.$docx, Special Project A$-$Yankee$-$rev$01.$docx, and Special Project A$-$Zebra$1-$rev$01.$docx

$4.$ What types of nonsystem files are in the RECYCLED BIN$\backslash$Pleasure folder? $($Choose all that apply.$)$ Hint: Examine the $RYHYWJ$0$ folder as well as all the subfolders under this folder.

$1..$doc and $.$docx files

$2..$xls and $.$xlsx files

$3..$gif files

$4..$jpg files

$5.$ Which two types of file hashes are included in the Firestarter File Hashes.csv file?