CertNexus Certified Cyber Secure Coder (CSC) — Question 18

Which of the following are legally compliant forensics applications that will detect an alternative data stream (ADS) or a file with an incorrect file extension? (Choose two.)

Answer options

• A. Disk duplicator
• B. EnCase
• C. dd
• D. Forensic Toolkit (FTK)
• E. Write blocker

Correct answer: B, D

Explanation

EnCase and Forensic Toolkit (FTK) are both comprehensive forensic applications that offer capabilities to detect alternative data streams and files with incorrect extensions, meeting legal compliance standards. In contrast, a Disk duplicator is primarily for copying data, dd is a disk imaging tool that lacks advanced forensic features, and a Write blocker is used to prevent data modification but does not analyze files.