Review Questions

  1. What is the first common task when handling evidence?

  2. Which type of hardware is never of interest to an investigation?

  3. When attempting to prove that an individual used a computer, what clues might computer hardware provide?

  4. In addition to hard disk drives , where else might data containing evidence reside?

  5. Should handwritten notes be considered in a computer forensics investigation?

  6. What is the primary concern in evidence collection and handling?

  7. Can you analyze a system that is intact and running?

  8. What happens when a PDA's battery runs down?

  9. What device prohibits any changes to a hard disk drive?

  10. How can you prove that you made no changes to a disk drive during analysis?

Computer Forensics JumpStart
