What are the advantages and disadvantages of using Windows acquisition tools?
What will be an ideal response?
ANSWER: Many forensics software vendors have developed acquisition tools that run in Windows. These tools make acquiring evidence from a suspect drive more convenient, especially when you use them with hot-swappable devices, such as USB-3, FireWire 1394A and 1394B, or SATA, to connect disks to your workstation.
Using acquisition tools with current OSs, such as Windows and Linux, has some drawbacks, however. Because Windows and Linux can easily contaminate an evidence drive when it’s mounted, you must protect it with a well-tested write-blocking hardware device. The automatic mounting process updates boot files by changing metadata, such as the most recent access time. In addition, some countries haven’t yet accepted the use of write-blocking devices for data acquisitions. Check with your legal counsel for evidence standards in your community or country.
You might also like to view...
The term ____________ is used to describe a file to which data is written.
a. input file b. output file c. record file d. record set
(Multiples) Write a function multiple that determines for a pair of integers whether the sec- ond is a multiple of the first. The function should take two integer arguments and return true if the second is a multiple of the first, false otherwise. Use this function in a program that inputs a series of pairs of integers.
What will be an ideal response?