A forensics investigator searches C:\RECYCLED but finds nothing. Why might nothing be found?

Enhance your knowledge as a Computer Hacking Forensic Investigator with the CHFI v11 Test. Use flashcards and multiple-choice questions, complete with hints and detailed explanations, to prepare effectively and ace your exam!

Multiple Choice

A forensics investigator searches C:\RECYCLED but finds nothing. Why might nothing be found?

Explanation:
The idea being tested is that deleted data in Windows is kept in a hidden, protected location, so it won’t appear in a normal directory listing. When you search for a folder like C:\RECYCLED, you may find nothing even though items were deleted, because the Recycle Bin stores items in a system-hidden folder (for NTFS, typically something like $Recycle.Bin on the root of the drive). These files have the hidden and system attributes, so standard views don’t show them.

To reveal them, you need to list hidden/system files or enable viewing of protected OS files, for example using a command that shows all files (such as dir /a) or adjusting Explorer to show hidden and protected operating system files. That’s why nothing showed up at that path. The other options aren’t accurate because the Recycle Bin does exist on NTFS, its location isn’t simply C:\RECYCLED, and System32 isn’t the location used for deleted-item storage.
