During evidence collection, which device is used to prevent the system from writing data to the evidence disk?

Prepare for the Computer Hacking Forensic Investigator v11 exam. Study with flashcards and multiple choice questions. Each question includes hints and explanations. Get exam-ready efficiently!

Multiple Choice

During evidence collection, which device is used to prevent the system from writing data to the evidence disk?

Explanation:
Preserving evidence integrity is the goal. A write-blocker is placed between the evidence disk and the system to block any write commands from the host while still allowing reads. This lets forensic imaging tools create a bit-for-bit copy without altering the original media, ensuring hashes remain valid and the chain of custody is intact. Without a write-blocker, normal system activity could modify data, timestamps, or slack space and compromise the evidence. The other options don’t prevent writes to the disk: a firewall protects network traffic, a protocol analyzer captures data, and a disk editor would modify disk contents.

