Which tool is primarily used for imaging a suspect's hard drive without altering its contents?
Correct!
Wrong!
FTK Imager allows forensic investigators to create exact bit-level images of storage media while maintaining the integrity of the original data.
What is the main purpose of a write blocker in digital forensics?
Correct!
Wrong!
A write blocker ensures that the original evidence is not modified during analysis, preserving data integrity.
Which hash algorithm is most commonly used to verify the integrity of forensic images?
Correct!
Wrong!
MD5 and SHA-1 are both used in forensics, but MD5 remains a popular choice for generating checksums to confirm data integrity.
What is the function of the tool 'Autopsy' in computer forensics?
Correct!
Wrong!
Autopsy is an open-source digital forensics platform that helps examiners analyze hard drives and smartphones efficiently.
Which technique is best suited to recover deleted files from a FAT file system?
Correct!
Wrong!
File carving allows forensic analysts to recover deleted or fragmented files by analyzing raw data blocks.
Which forensic tool is used for memory (RAM) analysis?
Correct!
Wrong!
Volatility is a powerful memory forensics framework that allows investigators to extract artifacts from RAM dumps.