Certified Information Security Manager (CISM) — Question 834

The GREATEST challenge when attempting data recovery of a specific file during forensic analysis is when:

Answer options

• A. high-level disk formatting has been performed.
• B. all files in the directory have been deleted.
• C. the partition table on the disk has been deleted.
• D. the file has been overwritten.

Correct answer: D

Explanation

The most significant challenge in data recovery occurs when a file has been overwritten, as this leads to the original data being replaced, making it extremely difficult or impossible to retrieve. While high-level disk formatting, directory deletions, and partition table deletions complicate recovery efforts, they do not permanently eliminate the possibility of data retrieval like overwriting does.