EC-Council: Computer Hacking Forensic Investigator(CHFI-V10)
Module 6 : Windows Forensics
         
Questions available : 94 You are not logged in.
Please Login for track your learning progress
   
 
Q. No: 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 |
Go to Question No.



Question No 0

If you want to share the link of this question, please click here to "Copy Question Link" and share that generated link. Link from URL may change in future.
 
   
Bookmark this Question
QID: 136  
   
Which following forensic tool allows investigator to detect and extract hidden streams on NTFS drive?


 
A:    Stream Detector
  
B:    Autopsy
C:    TimeStomp
  
D:    analyzeMFT
 
         

 
 

Diffence opinion in Correct Answer or any comment?
Vote / Comment for correct Answer



Comunity Comments:

Pradeep Thomas on 12/04/2025
Opted Answer: A
Option A : Stream Detector is a forensic tool that identifies all hidden files such as images, videos, text, and executables within Alternate Data Streams present on NTFS drives. It can detect the hidden streams on actual file directory and lists hidden stream file name, stream type, size of the stream, etc. This tool can be used to detect and extract hidden streams, delete the file and unwanted streams

Option B (Autopsy) is an open-source digital forensics platform primarily used for analyzing disk images and file systems.

Option C (TimeStomp) is a tool used to manipulate file timestamps, not specifically for detecting hidden streams.

Option D The forensic tool "analyzeMFT" also allows investigators to detect and extract hidden streams on NTFS (New Technology File System) drives, but in CHFI study material this tool is mentioned for detect timestamp forgery on NTFS file system .

















WELCOME TO ONLINE EXAM PREPARATION SYSTEM

Certification Examinations