Chapter 5

1. Why do you need to be careful about the utilities you choose to use for disk imaging?

Answer: Courts often accept evidence collected by tools that have been used in past trials. You should be prepared to testify to the authenticity and reliability of the tools that you use; otherwise, the evidence may not be admissible.

2. What is an HPA?

Answer: HPA stands for host protected area, an area created on a hard disk specifically to allow manufacturers to hide diagnostic and recovery tools. It is a hidden portion of the disk that can’t be used by the operating system. (HPA is sometimes referred to as hidden protected area or hardware protected area.)

3. Name some limitations of virtual environments when used for forensics.

Answer:
