Which system utility scans for modified files and registry entries during program installations?

  1. R-Drive Image

  2. WhatChanged Portable

  3. Snagit

  4. PEiD

The correct answer is: WhatChanged Portable

The correct choice is based on the specific functionalities of the system utilities in question. WhatChanged Portable is designed explicitly to monitor and analyze changes to the file system and the Windows registry. When a program is installed, WhatChanged scans for newly created, modified, or deleted files and registry entries. This tracking capability is particularly useful for users who want to understand the implications of new software installations, as it provides insight into what the program alters on the system.

R-Drive Image, on the other hand, is primarily focused on disk imaging and backup, allowing users to create exact images of drives rather than monitoring changes due to a program installation. Snagit is mainly a screen-capture utility with capabilities for editing and sharing images, not for system monitoring or file tracking. PEiD is a tool that detects packed executable files and analyzes them, which does not include tracking installation changes.

This makes WhatChanged Portable the suitable tool for identifying modifications associated with new software installations, as it specifically fulfills the need to observe and report on changes made by such processes.