Computer Hacking Forensic Investigator (CHFI) — Question 116

In the context of file deletion process, which of the following statement holds true?

Answer options

• A. When files are deleted, the data is overwritten and the cluster marked as available
• B. The longer a disk is in use, the less likely it is that deleted files will be overwritten
• C. While booting, the machine may create temporary files that can delete evidence
• D. Secure delete programs work by completely overwriting the file in one go

Correct answer: C

Explanation

Option C is correct because during the boot process, temporary files may be created that can obscure traces of previously deleted files. Option A is incorrect since deleting files typically does not involve immediate overwriting of data. Option B is misleading as the likelihood of overwriting depends on disk usage patterns, not solely on time. Option D is inaccurate because secure delete programs often overwrite files multiple times rather than in a single operation.