Prepare for your Digital Forensic Certification Exam with engaging quizzes. Utilize flashcards and multiple-choice questions to enhance your understanding and readiness!



What technique did Boney employ to collect evidence data from a powered-on system?

  1. Snapshot acquisition

  2. Off-line acquisition

  3. Live acquisition

  4. Cold acquisition

The correct answer is: Live acquisition

Boney employed live acquisition to collect evidence data from a powered-on system, which is the correct technique for this scenario. Live acquisition refers to the process of collecting data from a system that is currently running. This method allows forensic investigators to gather information that may not be accessible through other means, especially volatile data held in RAM, such as open files, running processes, and network connections.

During a live acquisition, it is possible to capture the state of the system at the moment of examination, which can provide critical insights into user activity, malware presence, or other time-sensitive information. This technique is particularly useful in situations where data could be lost if the system is powered off or if there are ongoing processes that need to be documented.

In contrast, the other techniques mentioned involve different approaches or conditions which do not apply to the scenario. Off-line acquisition typically involves collecting data from a system that has been powered down, which would not be viable for a powered-on system. Snapshot acquisition refers to taking a point-in-time copy of a system's state, but it usually requires the system to be offline or a specific method of virtualization to be in place. Cold acquisition, similar to off-line methods, involves disconnecting the power and removing the data storage device