Cengage Chapter 3 - Data Acquisition Flashcards
An open-source data acquisition format that stores image data and metadata. File extensions include .afd for segmented image files and .afm for ____ metadata.
Advanced Forensic Format (AFF)
An area of a disk drive reserved for booting utilities and diagnostic programs. It’s not visible to the computer’s OS.
host protected area (HPA)
A data acquisition method used when a suspect computer can’t be shut down to perform a static acquisition. Captured data might be altered during the acquisition because it’s not write-protected. _______________________ aren’t repeatable because the suspect computer’s OS is continuously altering data.
live acquisitions
This data acquisition method captures only specific files of interest to the case or specific types of files, such as Outlook .pst files.
logical acquisition
A data acquisition format that creates simple sequential flat files of a suspect drive or data set.
raw format
Two or more disks combined into one large drive in several configurations for special needs. Some RAID systems are designed for redundancy to ensure continuous operation if one disk fails. Another configuration spreads data across several disks to improve access speeds for reads and writes.
redundant array of independent disks (RAID)
Like logical acquisitions, this data acquisition method captures only specific files of interest to the case, but it also collects fragments of unallocated (deleted) data. See also logical acquisition.
sparse acquisition
A data acquisition method used when a suspect drive is write-protected and can’t be altered. If disk evidence is preserved correctly, ____________________ are repeatable.
static acquisitions
An encryption technique that performs a sector-by-sector encryption of an entire drive. Each sector is encrypted in its entirety, making it unreadable when copied with a static acquisition method.
whole disk encryption
