Computer Hacking Forensic Investigator (CHFI v10) — Question 300

Investigator Janet comes across a suspicious Windows registry key during a computer hacking forensic investigation. She believes modifying this key is associated with the recent cyberattack on the company's servers. In order to confirm this, Janet needs to reference a timestamp embedded inside the registry key. What is the correct name of this timestamp?

Answer options

• A. Last Write Time
• B. User Activity Time
• C. System Modification Time
• D. Current System Time

Correct answer: A

Explanation

The correct answer is 'Last Write Time' because it specifically refers to the timestamp indicating when the registry key was last modified. The other options do not accurately describe the timestamp associated with registry keys in Windows; 'User Activity Time' and 'System Modification Time' are not standard terms used in this context, while 'Current System Time' refers to the present time rather than a modification timestamp.