Many acquisition tools don't copy data in the host protected area (HPA) of a disk drive.

FTK Imager requires that you use a device such as a USB or parallel port dongle for licensing.

The most common and time-consuming technique for preserving evidence is creating a duplicate copy of your evidence image file.

Typically, a(n) ____ acquisition is done on a computer seized during a police raid, for example.

For computer forensics, ____ is the task of collecting digital evidence from electronic media.

One advantage with live acquisitions is that you are able to perform repeatable processes.

One major disadvantage of ____ format acquisitions is the inability to share an image between different vendors' computer forensics analysis tools.

SafeBack and SnapCopy must run from a(n) ____ system.

The most common and flexible data-acquisition method is ____.

Linux ISO images are referred to as ____.

Current distributions of Linux include two hashing algorithm utilities: md5sum and ____.

The ____ command creates a raw format file that most computer forensics analysis tools can read, which makes it useful for data acquisitions.

The ____ command displays pages from the online help manual for information on Linux commands and their options.

Microsoft has recently added ____ in its Vista Ultimate and Enterprise editions, which makes performing static acquisitions more difficult.

Image files can be reduced by as much as ____% of the original.

If your time is limited, consider using a logical acquisition or ____ acquisition data copy method.

If the computer has an encrypted drive, a ____ acquisition is done if the password or passphrase is available.

The ____ DOS program En.exe requires using a forensic MS-DOS boot floppy or CD and a network crossover cable.

The ____ command works similarly to the dd command but has many features designed for computer forensics acquisitions.

Unlike RAID 0, RAID 3 stripes tracks across all disks that make up one volume.