Explain the sparse data copy method for acquiring digital evidence.
What will be an ideal response?
ANSWER: Collecting evidence from a large drive can take several hours. If your time is limited, consider using a logical acquisition or sparse acquisition data copy method. A logical acquisition captures only specific files of interest to the case or specific types of files. A sparse acquisition is similar but also collects fragments of unallocated (deleted) data; use this method only when you don’t need to examine the entire drive. An example of a logical acquisition is an e-mail investigation that requires collecting only Outlook .pst or .ost files. Another example is collecting only specific records from a large RAID server. If you have to recover data from a RAID or storage area network (SAN) server with several exabytes (EB) or more of data storage, the logical method might be the only way you can acquire the evidence.
You might also like to view...
The Scale attribute of a Flash movie controls the amount of anti-aliasing (smoothing of diagonal or jagged lines) that occurs when the movie is played.
Answer the following statement true (T) or false (F)
When a formula contains a mistake, the cell displays a(n) ________
Fill in the blank(s) with the appropriate word(s).
The unless modifier is the logical opposite of the if modifier.
Answer the following statement true (T) or false (F)
When working with cell references, any change you make to the ____ cell also changes the value in the destination cell.
A. source B. primary C. main D. active