When a device is powered on, which action helps preserve digital evidence?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $25.99Unlock all

Prepare for the Forensic Science Capstone Exam with our engaging quiz. Test your knowledge with a mix of flashcards and multiple-choice questions. Each question includes hints and explanations to help you succeed. Get exam-ready now!

Multiple Choice

When a device is powered on, which action helps preserve digital evidence?

Explanation:
Keeping the device isolated from networks is essential for preserving digital evidence. When a device is connected, it can be remotely accessed, commands can be issued, or software could auto-update or wipe data, all of which can alter the evidence you need to analyze. Removing network access prevents these external interactions, helping you capture the device in its current state and create a reliable forensic image and record of logs. Other actions can change evidence: powering off may erase or alter volatile memory and system state; rebooting changes running processes and timestamps; installing updates alters files and configurations. So, removing from network access best maintains the integrity and state of the device for later examination.

Keeping the device isolated from networks is essential for preserving digital evidence. When a device is connected, it can be remotely accessed, commands can be issued, or software could auto-update or wipe data, all of which can alter the evidence you need to analyze. Removing network access prevents these external interactions, helping you capture the device in its current state and create a reliable forensic image and record of logs. Other actions can change evidence: powering off may erase or alter volatile memory and system state; rebooting changes running processes and timestamps; installing updates alters files and configurations. So, removing from network access best maintains the integrity and state of the device for later examination.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy