Module 04 - Types of Data Acquisition

0.0(0)
Studied by 0 people
call kaiCall Kai
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
GameKnowt Play
Card Sorting

1/22

encourage image

There's no tags or description

Looks like no tags are added yet.

Last updated 8:17 PM on 4/8/26
Name
Mastery
Learn
Test
Matching
Spaced
Call with Kai

No analytics yet

Send a link to your students to track their progress

23 Terms

1
New cards

What allows an investigator to capture only selected files or file types of interest to the case?

Logical acquisition

2
New cards

What collects fragments of unallocated data, allowing investigators to acquire deleted files?

Sparse acquisition

3
New cards

Which of the following are files that would fall in line with logical acquisition?

Collection of Outlook .pst or .ost files in email investigations

4
New cards

Which of the following are files that would fall in line with logical acquisition?

Specific record collection from a large RAID server

5
New cards

Which of the following is useful when it is not necessary to inspect the entire drive?

Sparse acquisition

6
New cards

What is is a bit-by-bit copy of any storage media that contains a cloned copy of the entire media, including all its sectors and clusters?

Bit-Stream Imaging

7
New cards

What cloned copy of the storage media contains all the latent data that enables investigators to retrieve deleted files and folders? Investigators often use bit-stream images of the suspect media to prevent contamination of the original media.

Bit-Stream Imaging

8
New cards

Investigators often use ________ of the suspect media to prevent contamination of the original media.

bit-stream images

9
New cards

Which of the following tool can read bit-stream images, which further facilitates the investigation process?

FTK Imager

10
New cards

Which of the following tool can read bit-stream images, which further facilitates the investigation process?

EnCase

11
New cards

What are two kinds of bit-stream imaging procedures?

Bitstream disk-to-image-file and bit-stream disk-to-disk

12
New cards

Which of the following data acquisition method is commonly used by investigators and is a flexible method that enables the creation of one or more copies of the suspect drive?

Bit-stream disk-to-image-file

13
New cards

Which of the following tool can be used to create image files?

ProDiscover

14
New cards

Which of the following tool can be used to create image files?

EnCase

15
New cards

Which of the following tool can be used to create image files?

FTK

16
New cards

Which of the following tool can be used to create image files?

The Sleuth Kit

17
New cards

Which of the following tool can be used to create image files?

X-Ways Forensics

18
New cards

Which of the following involves investigators not being able to create a bit-stream disk-to-image file in the following situations?

The suspect drive is very old and incompatible with the imaging software

19
New cards

Which of the following involves investigators not being able to create a bit-stream disk-to-image file in the following situations?

There is a need to recover credentials used for websites and user accounts

20
New cards

Which of the following bit-stream disk-to-disk copy of the original disk or drive can be performed?

While creating a disk-to-disk copy, the geometry of the target disk, including its head, cylinder, and track configuration, can be modified to align with the suspect drive.

21
New cards

What tool can help create a disk-to-disk bit-stream copy of the suspect drive?

EnCase

22
New cards

What tool can help create a disk-to-disk bit-stream copy of the suspect drive?

SafeBack

23
New cards

What tool can help create a disk-to-disk bit-stream copy of the suspect drive?

Tableau Forensic Imager