Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-49v10 All Questions

View all questions & answers for the 312-49v10 exam
Go to Exam

Exam 312-49v10 topic 1 question 696 discussion

Actual exam question from ECCouncil's 312-49v10
Question #: 696
Topic #: 1
[All 312-49v10 Questions]

In a complex forensic investigation, a CHFI investigator has been given a 2 TB suspect drive from which they must acquire relevant data as quickly as possible. The investigator uses a verified and tested data acquisition tool to accomplish this task. Given that the suspect drive cannot be retained, and considering the mandatory requirements of the selected tool, which of the following steps is the most critical for the investigator to ensure a forensically sound acquisition?

  • A. Prioritizing and acquiring only those data that are of evidentiary value
  • B. Testing lossless compression by applying an MD5, SHA-2, or SHA-3 hash on a file before and after compression
  • C. Using Microsoft disk compressions tools like DriveSpace and DoubleSpace to exclude slack disk space between the files
  • D. Compress files by using archiving tools like PKZip, WinZip, and WinRAR
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by aqeel1506 at July 22, 2024, 9:02 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
aqeel1506
4 months ago
A. Prioritizing and acquiring only those data that are of evidentiary value The textbook emphasizes the importance of focusing on relevant evidence while conducting forensic acquisitions. Given the constraints of not being able to retain the suspect drive and the need to manage a large volume of data, it is crucial to prioritize the acquisition of data that has evidentiary value. This approach ensures that the investigation is efficient and that important evidence is preserved while minimizing the handling of non-essential data. The other options, such as using compression tools or focusing on file integrity checks, are important in different contexts but are not the primary concern when dealing with the initial acquisition of data from a suspect drive.
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel