Think You Know Forensics?
You wouldn’t believe how often we get asked the following 5 questions. Test your knowledge of our frequently asked questions to see if your computer forensic knowledge is up to par.
Question One: How many documents are generally in 1 GB?
Answer: Trick question! There is no way to estimate how many documents are in a gigabyte because all files vary in size depending on their file type and the content.”
Question Two: After a forensic image of a system is made, is there any evidence on that system that it has been acquired?
c. It depends on what software was used.
Answer: b. No, if forensic software was used to image a computer in the correct manner, then the user will not be able to tell that any images have been made of their system.
Question Three: If a computer is password protected, do you have to have the password in order to create a forensic image of it?
c. It depends on how the system was set up.
Answer: b. No, passwords can be bypassed and are not necessary in order to image a computer. (Although encryption is a totally different story.)
Question Four: About how long does it take to create a forensic image of a 160 GB laptop?
a. 30 minutes
b. 1 hour
c. 2 hours
Answer: b. 1 hour
Question Five: If a user deletes a file on a system prior to that system being imaged, the file is gone forever and cannot be recovered.
c. It depends.
Answer: c. It depends. The file is gone forever and cannot be recovered only if the trash bin has been emptied and the file has been written over by other activities on the system.