Review Questions

  1. Which utility, originally created for the Unix platform, copies and converts files using two basic arguments ( if and of )?

  2. Which software suite provides an Enterprise Edition that specifically supports volatile data analysis on a live Windows system?

  3. Which disk imaging software operates as an extended DOS command shell?

  4. What are two common algorithms used to create hash values for drive images?

  5. Which forensic software suite integrates the dtSearch engine in its searching function?

  6. What two software suites are free?

  7. What are two of several vendors of forensic computers?

  8. After creating an image of a drive, what must you do to ensure that the copy matches the original?

  9. You have many factors to consider when choosing appropriate forensic software. Name two.

  10. Which utilities provide comprehensive forensic functionality?

