Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-49v10 All Questions

View all questions & answers for the 312-49v10 exam
Go to Exam

Exam 312-49v10 topic 1 question 717 discussion

Actual exam question from ECCouncil's 312-49v10
Question #: 717
Topic #: 1
[All 312-49v10 Questions]

A Computer Hacking Forensics Investigator (CHFI) has been asked to retrieve specific email files from a large RAID server after a data breach. Additionally, fragments of unallocated (deleted) data are also required. However, there is a severe constraint on time and resources. Considering these requirements, which type of data acquisition should the investigator primarily focus on?

  • A. Logical acquisition
  • B. Bit-stream disk-to-disk
  • C. Sparse acquisition
  • D. Bit-stream disk-to-image-file
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Elb at April 24, 2024, 8:38 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
4bd3116
4 months ago
Selected Answer: D
While logical acquisition is faster and can efficiently retrieve specific files, it does not capture deleted data. Given that the CHFI must retrieve both specific email files and fragments of unallocated data, bit-stream disk-to-image-file would be the more appropriate choice despite its higher time and resource requirements. This method ensures that all relevant data, including deleted fragments, is available for analysis
upvoted 1 times
...
aqeel1506
4 months ago
so the answer is A logical acquisition
upvoted 1 times
...
aqeel1506
4 months ago
Logical Acquisition is often recommended when the focus is on retrieving specific files or types of data, especially under time constraints. Sparse Acquisition is useful in some scenarios but may not be ideal for comprehensive retrieval of specific files and unallocated data, as it is more selective. Thus, Logical acquisition aligns with the CHFI textbook’s guidance on effectively addressing the need to quickly retrieve specific files and data fragments in a constrained environment.
upvoted 1 times
...
Elb
5 months, 2 weeks ago
Selected Answer: C
Sparse acquisition is similar to logical acquisition. Through this method, investigators can collect fragments of unallocated (deleted) data. This method is useful when it is not necessary to inspect the entire drive.
upvoted 2 times
...
Elb
7 months ago
C < https://info-savvy.com/data-acquisition-methods/#:~:text=2.-,Sparse%20Acquisition,to%20inspect%20the%20entire%20drive.
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel