During evidence collection, which device is used to prevent the system from writing data to the evidence disk?

Enhance your knowledge as a Computer Hacking Forensic Investigator with the CHFI v11 Test. Use flashcards and multiple-choice questions, complete with hints and detailed explanations, to prepare effectively and ace your exam!

Multiple Choice

During evidence collection, which device is used to prevent the system from writing data to the evidence disk?

Explanation:
Preserving evidence integrity is the goal. A write-blocker is placed between the evidence disk and the system to block any write commands from the host while still allowing reads. This lets forensic imaging tools create a bit-for-bit copy without altering the original media, ensuring hashes remain valid and the chain of custody is intact. Without a write-blocker, normal system activity could modify data, timestamps, or slack space and compromise the evidence. The other options don’t prevent writes to the disk: a firewall filters network traffic, a protocol analyzer captures network traffic for inspection, and a disk editor is used to modify disk contents.
