Bob was asked to make a copy of all the evidence from the compromised system. Melanie did a DOS copy of all the files on the system. What would be the primary reason for you to recommend for or against using a disk-imaging tool?
A. The evidence file format will contain case data entered by the examiner and encrypted at the beginning of the evidence file.
B. A simple DOS copy will not include deleted files, file slack, and other information.
C. There is no case for an imaging tool because it will use a closed, proprietary format that if compared with the original will not match up sector for sector.
D. A disk-imaging tool would check for internal self-checking and validation and have an MD5 checksum.
Answer: B. A simple DOS copy will not include deleted files, file slack, and other information.
You might also like to view...
An attractive font effect that can be used for headlines and titles is ________
Fill in the blank(s) with correct word
All the following statements are true EXCEPT
A) FireWire works only with Apple computers. B) FireWire devices include camcorders, cameras, and printers. C) FireWire can connect up to 63 devices. D) FireWire supports hot swapping.
A template is a file containing professionally designed content that you can easily replace with your own.
Answer the following statement true (T) or false (F)
The ____________________ is the Outlook folder that contains your personal schedule.
Fill in the blank(s) with the appropriate word(s).