Computer Hacking Forensic Investigator (CHFI) — Question 150

You are contracted to work as a computer forensics investigator for a regional bank that has four 30 TB storage area networks that store customer data.
What method would be most efficient for you to acquire digital evidence from this network?

Answer options

• A. create a compressed copy of the file with DoubleSpace
• B. create a sparse data copy of a folder or file
• C. make a bit-stream disk-to-image file
• D. make a bit-stream disk-to-disk file

Correct answer: C

Explanation

The correct answer is C, as making a bit-stream disk-to-image file allows for a complete and exact copy of the data, preserving all metadata which is crucial in forensics. The other options, such as creating compressed or sparse copies, may not retain all data integrity and could omit important information needed for a thorough investigation.