Ace Your Exams with Our Notes and Mock Tests!

EC-Council: Computer Hacking Forensic Investigator(CHFI-V10)
Module 6 : Windows Forensics
Questions available : 90		You are not logged in. Please Login for track your learning progress

Q. No: 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 |
		Go to Question No.

Question No 2

---

If you want to share the link of this question, please click here to "Copy Question Link" and share that generated link. Link from URL may change in future.

 

---

Bookmark this Question		QID: 136
Which following forensic tool allows investigator to detect and extract hidden streams on NTFS drive?
A:    Stream Detector
B:    Autopsy
C:    TimeStomp
D:    analyzeMFT

Diffence opinion in Correct Answer or any comment?
Vote / Comment for correct Answer

Voting and comment option is available only for Logged in Users.
Please Login

Chosen Answer: A    B    C    D

Comment on this Answer:

Nickname to be shown:

Comunity Comments:

Pradeep Thomas on 18/05/2024
Opted Answer: D

The forensic tool "analyzeMFT" allows investigators to detect and extract hidden streams on NTFS (New Technology File System) drives. Hidden streams are a feature of NTFS that allows data to be associated with a file without being immediately visible in the regular file system. Analyzing the Master File Table (MFT) can reveal information about these hidden streams and their associated files.

Option B (Autopsy) is an open-source digital forensics platform primarily used for analyzing disk images and file systems.

Option C (TimeStomp) is a tool used to manipulate file timestamps, not specifically for detecting hidden streams.

Option A ("Stream Detector") is not a recognized tool in the context of forensic analysis.

0	0			Reply / response option is available only for Logged in Users. Please Login.    Registration is free!!
Your Comment / Reply Nickname to be shown
Reason for Report

Go to Modules