NWIT 263 Midterms Chapters 3 and 4.
Exam Questions With Correct Answers.
What's the main goal of a static acquisition? - Answer✔Preserve or collect digital evidence.
Name the three formats for digital forensics data acquisitions. - Answer✔Raw Format
Proprietary Format
Advanced Forensics Format (AFF)
What are two advantages and disadvantages of the raw format? - Answer✔Advantages:
Fast data transfers
Most computer forensics tools can read raw format
Disadvantages:
Requires as much storage as original disk/data
Tools may not collect marginal (bad) sectors.
List two features common with proprietary format acquisition files. - Answer✔Option to compress/not compress image files, and integrate metadata into the image file.
Of all the proprietary formats, which one is the unofficial standard? - Answer✔EnCase (.E01)
Name two commercial tools that can make a forensic sector-by-sector copy of a drive to a larger drive. - Answer✔EnCase and X-Ways (double check)
What does a logical acquisition collect for an investigation? - Answer✔Captures only specific files of interest to the case.
What does a sparse acquisition collect for an investigation? - Answer✔Collects fragments of unallocated (deleted) data
Why is it a good practice to make two images of a suspect drive in a critical investigation? - Answer✔To ensure one good copy in case of any failures.