What Windows artifact provides direct evidence of specific files opened by a user?

Multiple Choice

What Windows artifact provides direct evidence of specific files opened by a user?

Explanation:
Jump lists are the Windows artifact that provides direct evidence of specific files opened by a user. When you open a document through a supported application, that item often appears in the app’s jump list, showing the exact file name, path, and a timestamp of when it was accessed. This creates a concrete record of user activity—directly linking the user to particular files they opened.

Other artifacts work differently. Event logs can capture related actions if auditing is enabled, but they’re general logs of events and may not reliably enumerate every opened file. The registry stores settings and pointers, not a reliable record of opened documents. Shortcuts point to files but don’t prove the files were actually opened. Remember also that jump lists can be cleared or disabled by privacy settings, so their presence isn’t guaranteed in every case, but when they exist they give precise evidence of opened files.
