Computer Hacking Forensic Investigator (CHFI v10) — Question 197

Brian needs to acquire data from RAID storage. Which of the following acquisition methods is recommended to retrieve only the data relevant to the investigation?

Answer options

• A. Static Acquisition
• B. Sparse or Logical Acquisition
• C. Bit-stream disk-to-disk Acquisition
• D. Bit-by-bit Acquisition

Correct answer: B

Explanation

Sparse or Logical Acquisition is ideal for retrieving specific data relevant to an investigation without capturing unnecessary information, making it efficient. In contrast, Static Acquisition generally involves a complete copy of the data, while Bit-stream disk-to-disk and Bit-by-bit Acquisition methods capture all data, including irrelevant portions, which is not optimal for focused investigations.