Windows Registry Forensics Coursera Quiz Answers 2022 | All Weeks Assessment Answers [💯Correct Answer]

Hello Peers, Today we are going to share all week’s assessment and quizzes answers of the Windows Registry Forensics course launched by Coursera totally free of cost✅✅✅. This is a certification course for every interested student.

In case you didn’t find this course for free, then you can apply for financial ads to get this course for totally free.

Check out this article – “How to Apply for Financial Ads?”

About The Coursera

Coursera, India’s biggest learning platform launched millions of free courses for students daily. These courses are from various recognized universities, where industry experts and professors teach in a very well manner and in a more understandable way.

Here, you will find Windows Registry Forensics Exam Answers in Bold Color which are given below.

These answers are updated recently and are 100% correct✅ answers of all week, assessment, and final exam answers of Windows Registry Forensics from Coursera Free Certification Course.

Use “Ctrl+F” To Find Any Questions Answer. & For Mobile User, You Just Need To Click On Three dots In Your Browser & You Will Get A “Find” Option There. Use These Option to Get Any Random Questions Answer.

About Windows Registry Forensics Course

The Windows Registry Forensics course shows you how to examine the live registry, the location of the registry files on the forensic image, and how to extract files.

Course Apply Link – Windows Registry Forensics

Windows Registry Forensics Quiz Answers

Week 1 Quiz Answers

Quiz 1: Windows Registry Forensics Quiz

Q1. The Windows Registry is defined as

• SQL database
• Central relational database
• Central hierarchical database
• Flat file

Q2. The Windows Registry replaced which type of file?

• Link Files
• Property lists
• Configuration and Initialization files
• Log Files

Q3. What information is NOT contained in the Windows Registry?

• System Information
• Disk structure information
• Application specific information
• user information

Q4. The Windows Registry can be useful for?

• Validating findings through an investigation
• Determining the number of partitions on a drive
• Determining cluster size
• looking up a phone number

Q5. Registry is important because it records?

• installed programs
• user account information
• all of these
• devices attached to the computer

Q6. The type of case you are investigating…

• will determine the type of information you are looking for
• will NOT determine the type of information you are looking for
• only matters if it is a Windows 7 computer
• has nothing to do with the registry

Q7. The Windows Registry contains

• All of these
• Keys
• Hives
• Sub-Keys
• Data
• Values

Q8. The registry hive files are pulled into memory, handle keys, and represented as

• user Keys (UK)
• File Keys (FK)
• Block Keys (BK)
• Handle Keys (HK)

Q9. Which Registry Key is only found on a live running system?

• Security
• Sam
• Hardware
• System
• Software

Q10. Registry values can be in several different forms. Which is not a registry value form?

• Binary Data
• SQL Data
• String Data
• Hex Data

Q11. The user specific registry files contained in the registry are?

• PTUser.reg and user.Dat
• Amcache and Sam
• NTUser.Dat and UsrClass.Dat
• None of the above

Q12. The system specific files contained within the registry are?

• security
• All of these
• AmCache
• software
• Sam
• system

Q13. The Sam, Security, Software, and System Registry files are located at

• Volume root\Windows\Sam\config
• Volume root\Windows\system32\config
• Volume root\WindowsNT\system32\config
• Volume root\system32\user\config

Q14. What are the two registry files that relate to a specific user?

• NTUser.dat and Software
• NTUser.dat and USRClass.dat
• Sam and System
• Sam and Security

Q15. Registry browser is a

• Hex editor
• Registry hive sub-key
• Older type of Windows registry prior to Windows 95
• Specialized tool used to view the Window Registry

Q16. Which sub-key is used to determine the current control set?

• Windows
• System
• Microsoft
• Select

Q17. What registry hive file contains the the time zone setting

• Sam
• Software
• System
• Security

Q18. The Windows OS Version and Install date are contained in the __ registry hive?

• Security
• System
• Software
• Sam

Q19. Regarding the live Windows Registry, which two hive keys or sub keys only exists in the live registry?

• Both A and B
• HKEY_LOCAL_MACHINE—HARDWARE SUBKEY
• None of these
• HKEY_LOCAL_MACHINE-SYSTEM SUBKEY
• HKEY_LOCAL_MACHINE-SAM SUBKEY
• HKEY_CURRENT_USER

Q20. Which two Registry files are not accessible on a live running computer. As seen in Regedit.

• Sam
• Both Security and software
• security
• software
• system
• Both Sam and security

Q21. What Registry sub key contains a list of recently used documents by file extension?

• The Run Sub Once subkey
• The Run MRU subkey
• Recent Docs subkey
• User Assist

Q22. The typed URL subkey contains:

• Recently run applications
• Search terms typed into Windows Explorer
• Programs run at startup
• Web Addresses typed into the Internet Explorer Address Bar

Q23. The values in which key are stored using ROT13

• Run
• Typed URLs
• User Assist
• Recent Applications

Q24. This sub key tracks recently used applications and may contain a record of the files that were opened with each application…

• Run Once
• User Assist
• Recent Apps
• Run MRU

Q25. This subkey tracks user specific, persistent, applications that are set to run at start up?

• Run MRU
• Recent Apps
• Run
• Run Once

Q26. This key tracks files that have been opened or saved within a Windows Open/Save dialog box. This includes web browsers and commonly used applications?

• Run MRU
• ComDlg32 OpenSavePidMRU
• Recent Docs
• Recent Apps

Q27. This key maintains a list of all the values typed into the Run box on the Start menu?

• Run
• Run MRU
• WordWheel Query
• Run Once

Q28. The subkey Typed Paths does what?

• Keeps track of URL typed into the Internet Explorer Address Bar
• Keeps track of Files, Directories, or programs accessed by typing a File path into Windows Explorer
• comdlg 32
• Runs at startup

Q29. Microsoft Office MRU are…

• programs or applications launched through the windows run box
• User specific programs that are set to run at startup with no interaction from
• Recently used Microsoft Office Documents
• created when a user types a path to a directory, file or application into the windows explorer.

Q30. What subkey tracks user key word searches?

• ComDlg32
• Recent Apps
• Run MRU
• WordWheel query

Q31. The SAM file stores what information?

• Information about files and applications recently accessed by a user
• information about the users internet accounts and browser history
• Programs set to Run at startup by a user
• information about each user such as login information, login password hashes, and group information

Q32. The Security identifier SID is comprised of 3 parts…

• Issuing identifier-Domain authority-Machine identifier
• Issuing authority- Machine/domain identifier- Relative identifier
• user name – Profile path- User directory
• All of the above

Q33. The Machine identifier of the local machine is found in the __ subkey

• Users
• Domains
• Groups
• Account

Q34. The relative identifier or RID identifies a?

• User
• Domain
• Group
• Machine

Q35. The Names subkey identifier the user’s name and __ ?

• Relative Identifier
• last logon time
• log on count
• password hash

Q36. The last logon time is stored in the _ subkey?

• Names
• Accounts
• User
• Domains

Q37. The V value of the users subkey contains?

• last logon date and time
• username and password hash
• log on count
• number of failed logon’s

Q38. What is the function of the RunMRU subkey in the Software Hive File?

• all of the above
• This key tracks user searches
• This key shows programs that run at startup
• This key maintains a list of all the values typed into the Run box on the Start menu

Q39. The OpenSavePidMRU sub-key, which is a sub-key of Comdlg 32 tracks … ?

• User logon information and last logged on user
• AutoStart locations
• values typed into the Run box on the Start menu
• A specific executable used to open the files

Q40. Information indicating the last logged on user would be found in which sub-key within the software hive file?

• Comdlg 32
• Classes
• LogonUI
• Run

Q41. _ is an autostart location in the Software Hive File.

• Run Key
• Comdlg 32
• RunMRU
• Installed printers

Q42. Windows OS install date and time would be found in the Software file in which sub-key?

• Run Once
• Winlogon
• Windows
• Current Version

Q43. The network list sub-keys profiles and signatures contain what information?

• Domain user account information
• Wireless network dates and times and gateway MAC address
• Evidence of program execution
• User account information

Q44. In the software hive file, what 2 sub-keys contain information regarding the connection of USB devices?

• Mountpoints and Mountspoints2
• Mountpoints2 and RunMRU
• Devices and EMD Management
• USBStore and USB

Q45. What key within the system file is used to determine the current control set?

• Control
• Prefetch
• Services
• Select

Q46. The last shutdown time is found within which sub-key in the system hive file?

• USBstore
• select
• control
• Windows

Q47. In the system hive, the Windows services sub-key tracks programs that _?

• is not a subkey in the system hive
• run automatically when the system is booted, and are started by the system and with no interaction from the user
• Tracks USB Devices
• Indicates when the system needs service

Q48. What subkey in the system hive file contains settings for the prefetch utility?

• Select
• prefetchParameters
• Windows
• Controlset

Q49. The setting within the system hive file that controls whether or not the page file is cleared at shutdown is _?

• Memory Management
• shutdown
• Crash Control
• select

Q50. What type of information is found at this location in the System hive file

Location:ControlSet001\Enum\USBSTOR\”Device”\”Serial# or Unique instance ID”\Properties{83da6326-97a6-4088-9453-a1923f573b29}

• user account information
• USB device connection and disconnection dates and times
• programs set to run at startup
• prefetch settings

Q51. Appcompatcache was created by Microsoft to identify application compatibility Issues between 32 bit and 64 bit applications. What does the cache data track?

• All of these
• File Path
• Last Modified Time
• File Size
• None of these

Q52. Information found in the Background Activity Moderator (BAM) sub-key proves?

• Program execution by a specific user
• Nothing
• Program execution but not by a specific user
• A change to the file MFT record

Q53. What do Shellbags track?

• Folders or Directories within the windows file system
• File Times
• Recently used applications
• Programs run at startup

Q54. The _ hive file stores artifacts such as the Last write time, Install Dates, Application Name, Version, and path to exe or dill

• The NTUser.dat Hive File
• The AmCache Hive File
• The Sam File
• The System Hive File

Conclusion

Hopefully, this article will be useful for you to find all the Week, final assessment, and Peer Graded Assessment Answers of the Windows Registry Forensics Quiz of Coursera and grab some premium knowledge with less effort. If this article really helped you in any way then make sure to share it with your friends on social media and let them also know about this amazing training. You can also check out our other course Answers. So, be with us guys we will share a lot more free courses and their exam/quiz solutions also, and follow our Techno-RJ Blog for more updates.