Think You Know Forensics?

digital discovery bytes 0 Comments
Feb 21

You wouldn’t believe how often we get asked the following 5 questions. Test your knowledge of our frequently asked questions to see if your computer forensic knowledge is up to par.

Question One:  How many documents are generally in 1 GB?

a.    1,000

b.    10,000

c.    100,000

Answer: Trick question! There is no way to estimate how many documents are in a gigabyte because all files vary in size depending on their file type and the content.

Question Two: After a forensic image of a system is made, is there any evidence on that system that it has been acquired?

a.    Yes

b.    No

c.    It depends on what software was used.

Answer: b. No, if forensic software was used to image a computer in the correct manner, then the user will not be able to tell that any images have been made of their system.

 

Question Three:  If a computer is password protected, do you have to have the password in order to create a forensic image of it?

a.    Yes

b.    No.

c.    It depends on how the system was set up.

Answer: b. No, passwords can be bypassed and are not necessary in order to image a computer. (Although encryption is a totally different story.) 


Question Four:  About how long does it take to create a forensic image of a 160 GB laptop?

a.    30 minutes

b.    1 hour

c.    2 hours

Answer: b. 1 hour

 

Question Five: If a user deletes a file on a system prior to that system being imaged, the file is gone forever and cannot be recovered.

a.    True

b.    False

c.    It depends.

Answer: c. It depends. The file is gone forever and cannot be recovered only if the trash bin has been emptied and the file has been written over by other activities on the system.

0 COMMENT(S)

LEAVE A COMMENT