By default Windows $2$k$/$XP$/2$k$3$ store event logs in c:$\backslash$windows$\backslash$system$32\backslash$config

Question $7$ options:

True

False

Question $8(1$ point$)$

Listen

Every entry in the MFT must have exactly one $$30$ attribute.

Question $8$ options:

True

False

Question $9(1$ point$)$

Listen

At the beginning of every NTFS file you will find either FILE$0$ or

Question $9$ options:

BAAD

FILESIG

DOS

ATTR

Question $10(1$ point$)$

Listen

WHICH OF THE REGISTRY FILES CONTAINS THE REGISTERED OWNER AND REGISTERED ORGANIZATION INFORMATION $($CURRENT VERSION INFORMATION$)$

Question $10$ options:

SYSTEM

SAM

SECURITY

SOFTWARE

Question $11(1$ point$)$

Listen

Which of the following is not an evidentiary component of a link file

Question $11$ options:

name of target file

location of the target file

data attributes of the target file

data of the target file

Question $12(1$ point$)$

Listen

All directories require a $A$0$ attribute.

Question $12$ options:

True

False

Question $13(1$ point$)$

Listen

In a prefetch file, the application's date and time of last launch are at offset $\_\_\_\_.$

Question $13$ options:

$44-54$

$52-78$

$120-127$

$144-151$

Question $14(1$ point$)$

Listen

What is the marker that indicates you are at the beginning of a NTFS record.

Question $14$ options:

JFIF

OEMID

FILE$0$

MSDOS $5\mathrm{.}0$