On a FAT-based file system, what happens when a file is deleted?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards

From $9.99Unlock all

Enhance your knowledge as a Computer Hacking Forensic Investigator with the CHFI v11 Test. Use flashcards and multiple-choice questions, complete with hints and detailed explanations, to prepare effectively and ace your exam!

Multiple Choice

On a FAT-based file system, what happens when a file is deleted?

Deleting a file on a FAT file system is a metadata operation, not an immediate data wipe. When you delete, the system marks the directory entry as deleted and frees the clusters in the FAT, but the actual bytes that made up the file remain on disk until those sectors are overwritten by new data. Because the original data can still exist in those sectors, forensic tools can often recover the file by reconstructing the cluster chain and reassembling its contents. Only if the space is overwritten or a secure-delete process is used would recovery be unlikely. So, in standard FAT deletion, the data is typically recoverable, which is why the notion of it being erased and irrecoverable isn’t generally accurate.

On a FAT-based file system, what happens when a file is deleted?

Enhance your knowledge as a Computer Hacking Forensic Investigator with the CHFI v11 Test. Use flashcards and multiple-choice questions, complete with hints and detailed explanations, to prepare effectively and ace your exam!

On a FAT-based file system, what happens when a file is deleted?

Get the latest from Examzify