What is a key limitation of using a DOS copy for evidence transfer?

Advance your skills with our Digital Forensics Test. Explore detailed questions, explanations, and suggestions. Ace your exam!

Multiple Choice

What is a key limitation of using a DOS copy for evidence transfer?

Explanation:
In evidence handling, you want a transfer method that preserves every artifact that could be relevant, including data that isn’t visible as a live file. A DOS copy copies only currently allocated files and their contents, not data that has been deleted or is stored in slack space. It won’t capture deleted files, slack space, unallocated sectors, or other hidden artifacts, so important remnants on the disk can be missed. That’s why this approach is limited for evidentiary use. Additionally, this method doesn’t automatically log actions, doesn’t perform integrity checks like MD5 by itself, and doesn’t guarantee comprehensive metadata capture, all of which are important for defensible evidence transfer.

In evidence handling, you want a transfer method that preserves every artifact that could be relevant, including data that isn’t visible as a live file. A DOS copy copies only currently allocated files and their contents, not data that has been deleted or is stored in slack space. It won’t capture deleted files, slack space, unallocated sectors, or other hidden artifacts, so important remnants on the disk can be missed. That’s why this approach is limited for evidentiary use.

Additionally, this method doesn’t automatically log actions, doesn’t perform integrity checks like MD5 by itself, and doesn’t guarantee comprehensive metadata capture, all of which are important for defensible evidence transfer.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy