Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-49v10 All Questions

View all questions & answers for the 312-49v10 exam
Go to Exam

Exam 312-49v10 topic 1 question 306 discussion

Actual exam question from ECCouncil's 312-49v10
Question #: 306
Topic #: 1
[All 312-49v10 Questions]

Which of the following file contains the traces of the applications installed, run, or uninstalled from a system?

  • A. Shortcut Files
  • B. Virtual files
  • C. Prefetch Files
  • D. Image Files
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Denovembre at Dec. 14, 2021, 6:30 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
Denovembre
Highly Voted 2 years, 11 months ago
Selected Answer: C
should be Prefetch
upvoted 9 times
...
aqeel1506
Most Recent 4 months, 1 week ago
The correct answer is C. Prefetch Files. Prefetch files contain traces of applications installed, run, or uninstalled from a system. Prefetch files are created by Windows to optimize application loading times and contain information such as: Application name and path Execution time and frequency File access history Prefetch files are stored in the Windows Prefetch folder (e.g., C:\Windows\Prefetch) and can be useful in digital forensics investigations to reconstruct a user's activity and identify installed or run applications. Here's a brief overview of the other options: A. Shortcut Files: Contain links to applications or files, but don't necessarily indicate installation or usage. B. Virtual files: Don't exist in the context of Windows file systems. D. Image Files: Contain graphical data, not application usage traces
upvoted 1 times
...
Elb
6 months, 1 week ago
Selected Answer: C
C > Prefetch files contain applications/software that was once uninstalled/deleted run on the system later.
upvoted 1 times
...
torabi123
1 year ago
https://bookshelf.vitalsource.com/reader/books/9781635676969/pageid/657 Module 06: Windows Forensics / LO#04: Examine Windows Files and Metadata Page 658 Prefetch Files: Examining the prefetch directory helps determine the applications that have been run on a system. --> Prefetch files
upvoted 1 times
...
Cheng89
1 year, 5 months ago
Selected Answer: C
Within Prefetch files, there are records of the application's execution path, dependent files, library files, and other information, as well as the application's launch parameters and execution time. These details can help forensic investigators determine the applications that were installed and run on a system, including traces of uninstalled applications. By analyzing Prefetch files, investigators can gather valuable information about the system's usage, the timing and frequency of application executions, and other key details. This can assist in reconstructing the system's activity history and identifying potential security issues.
upvoted 1 times
...
diomaya
1 year, 6 months ago
Selected Answer: A
From EC Council: Prefetch files store information on applications that have been run on the system...
upvoted 2 times
...
sampb
2 years, 6 months ago
Selected Answer: C
Prefetch file store the data regarding the applications
upvoted 3 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel