Forensics

  • Created by: smrc
  • Created on: 12-08-19 17:10
Explain why we take bit-for-bit images of media such as hard drives and USB sticks.
Bit-for-bit images are direct copies of the drives. They include data about files, folders, unallocated space and slack space. They also include details about deleted and hidden files. This allows for forensic analysis without tampering with the evidence.
1 of 8
When imaging an external storage device, you should always use a write blocker. What is the purpose of a write blocker?
a
2 of 8
How would you use a write blocker when imaging an external storage device?
a
3 of 8
It is common practice for manufacturers to create a host protected area on a hard drive. What is a host protected area?
a
4 of 8
If the device you were examining had a host protected area, how would you go about extracting your images?
a
5 of 8
Outline the steps you would take to conduct a "Live System Acquisition".
a
6 of 8
Demonstrate how you might use "netcat" in a forensic investigation.
a
7 of 8
You have been given a mobile phone to analyse. What are the areas where evidence may exist?
a
8 of 8
