Review Questions


  1. Why do you need to be careful about the utilities you choose to use for disk imaging?

  2. What is an HPA?

  3. How does a mirror image differ from a forensic duplicate?

  4. How can you verify that in imaging the source media, the original media is unchanged?

  5. Name a tool that can be used to image the data in the memory of a PDA.

  6. What does the Netstat utility do?

  7. When collecting evidence, which do you want to extract first: the information in memory or on the hard drive?

  8. Why can choosing the method used to shut down a suspect computer be a difficult decision to make?

  9. If you need to boot a suspect computer to make an image copy, how should you do it?

  10. Name three programs or utilities that can be used to collect forensic images.




Computer Forensics JumpStart
Computer Forensics JumpStart
ISBN: 0470931663
EAN: 2147483647
Year: 2004
Pages: 153

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net