Review Questions

1. When acquiring a hard drive using a Linux boot disk with LinEn, what would be the cause of EnCase (LinEn) not detecting partition information?

A. The drive has been FDisked and the partition(s) removed.

B. The partition(s) are not recognized by Linux.

C. Both A and B.

D. None of the above.

2. LinEn contains a write blocker that protects the target media from being altered.

A. True

B. False

3. As a good forensic practice, why would it be a good idea to wipe a forensic drive before reusing it?

A. Chain-of-custody

B. Cross-contamination

C. Different file and operating systems

D. Chain of evidence

E. No need to wipe

4. If the number of sectors reported by EnCase does not match the number reported by the manufacturer for the drive, ...

Get EnCE EnCase Computer Forensics: The Official EnCase Certified Examiner Study Guide, 3rd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial