You are contracted to work as a computer forensics investigator for a regional bank that has four 30 TB storage area networks that store customer data.
What method would be most efficient for you to acquire digital evidence from this network?
A.
Make a bit-stream disk-to-disk file
B.
Make a bit-stream disk-to-image file
C.
Create a sparse data copy of a folder or file
D.
Create a compressed copy of the file with DoubleSpace
The correct answer is B.
I agree with Paul. B is correct answer.
B is the Ans.
Discussing it with the chfi instructor, and from my poin of view, the answer is C, but it depends on the case. In most cases the ans will be C.
Yes I agree with chemi, the question explicitly say ‘most efficient for you to acquire digital evidence from this network’ which is 30 TB, so we can go for a logical(collects only the relevant data, ie: a fragment of entire data set, sparse is similar to logical but sparse also collects fragments or unallocated (example – deleted) data.Recommending Sparse only if there is time constraints.So we can say answer ‘C’ is much practical than ‘B’ in this instance.