$2.$ The initial values of a FAT table are shown below $($All values decimal, $-1$ indicates an end of file$).$

$0-19-1$

$5-15-1$

The system uses free blocks starting at the lowest$-$numbered block, so after writing file A$,$ which uses $2$ blocks, the table looks like this:

$0-194-1-1$

$5-15-1$

$.$

Show the FAT after all of the following additional actions:

$2$a$)$ File B is written, using $2$ blocks

$2$b$)$ File A is deleted

$2$c$)$ File C is written using $4$ blocks

$0$

$5$

$10$

$15$

$20$

Focus: File Allocation Table

$3.$ You got involved in a case where there was an incident in a system. Unfortunately, your forensics knowledge is barely minimum. The computer security expert in your company provided you with an copy of a few entries of the file system directory and the File Allocation Table. Your task is to try to find which file was deleted and which data clusters it was utilizing so the expert may try to recover information from it$.$ For now, the only information you have is that the name of the file starts with Y$.$

Directory layout:

Directory entries $($all values hexadecimal, cluster size is $1024$ bytes$)--$ Be sure to have this as a full screen so you see all the values in their appropriate rows.

$594$F $554641494$C $20545854200000000000000000000012257019030020010000$

$594$F $5544554$D $412054585420000000000000000000001045701$A $050008070000$

E$54$F $55474$F $4$F $442054585420000000000000000000001135951$A $08000$A $070000$

$5748594$D $452020205458542000000000000000000000205572180$B $00$ A$00$F $0000$

File Allocation Table $($FAT $16,$ starting from cell $0)$

$01000200$ FF FF FF FF $00000600$ FF FF $00000000000000000$C $000$D $000$E $00$ FF FF

Answers you need to provide:

$3$a$)$ Full name of the deleted file $($such as TEST.JPG$)$

$3$b$)$ Which data clusters may still contain the deleted data $($such as $1,4,7)$

$3$c$)$ Which day, month and year the deleted file was created