A security analyst is examining a former employee's laptop for suspected evidence of suspicious activity. The analyst usesddduring the investigation. Which of the following best explains why the analyst is using this tool?
A.
To capture an image of the hard drive
B.
To reverse engineer binary programs
C.
To recover deleted logs from the laptop
D.
To deduplicate unnecessary data from the hard drive
Theddtool creates a bit-for-bit copy of a hard drive, preserving its contents exactly as they are. This is essential for forensic analysis, as it ensures the integrity of evidence. This aligns with CASP+ objective 5.2, which emphasizes forensic tools and techniques for preserving and analyzing digital evidence.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit