What is the primary purpose of a write blocker in digital forensics?
Correct!
Wrong!
A write blocker prevents changes to the original evidence drive, ensuring its integrity during analysis.
Which of the following best describes the chain of custody?
Correct!
Wrong!
The chain of custody is the documentation that records the handling and transfer of evidence from collection to presentation in court.
What is the first step in digital evidence collection?
Correct!
Wrong!
Securing the scene ensures the integrity of all digital and physical evidence before collection begins.
Which file format is commonly used for forensic disk images?
Correct!
Wrong!
The E01 (EnCase) format is widely accepted in forensic investigations for storing disk images with metadata.
Why is hashing important in digital forensics?
Correct!
Wrong!
Hashing verifies that the evidence has not been altered by creating a unique digital fingerprint.
What is the best practice when seizing a computer that is powered on?
Correct!
Wrong!
If a computer is powered on, it may be important to capture volatile memory (RAM) before shutting it down, depending on case urgency.