Digital Forensic Certification Practice Exam 2026 – Comprehensive Test Preparation

The choice that indicates the functionality of Autopsy for recovering deleted files from unallocated space using PhotoRec is data carving. Data carving is a technique used in digital forensics to identify and extract files from raw data by searching for file signatures or patterns in unallocated space, which is the part of the storage that does not contain any active files.

When a file is deleted, its space can eventually become unallocated, but the data itself might still physically exist on the disk until it is overwritten. Data carving allows forensic investigators to recover that deleted data even if the file system entry has been removed. This method is particularly effective because it does not rely on file system metadata but rather examines the raw contents of the disk for recognizable patterns associated with particular file types.

This process is critical in forensic investigations where recovering deleted evidence can be essential for case analysis, making data carving a vital component of tools like Autopsy that leverage external recovery tools such as PhotoRec for these purposes.