You are working in a computer forensic lab. A law enforcement investigator brings you a computer and a valid search warrant. You have legal authority to search the computer. The investigator hands you a piece of paper that has three printed checks on it. All three checks have the same check and account number. You image the suspect computer and open the evidence file with EnCase. You checks have the same check and account number. You image the suspect's computer and open the evidence file with EnCase. You perform a text search for the account number and check number. Nothing returns on the search results. You perform a text search for all other information found on the printed checks and there is still nothing returned in the search results. You run a signature analysis and check the gallery. You cannot locate any graphical copies of the printed checks in the gallery. At this point, is it safe to say that the checks are not located on the suspect computer?
A) No. The images could be located a compressed file.
B) No. The images could be embedded in a document.
C) No. The images could be in unallocated clusters.
D) No. The images could be in an image format not viewable inside EnCase.
E) All of the above.
Correct Answer:
Verified
Q88: The end of a logical file to
Q89: Assume that MyNote.txt was allocated to clusters
Q90: How many copies of the FAT are
Q91: Within EnCase for Windows, the search process
Q92: GREP terms are automatically recognized as GREP
Q94: In DOS acquisition mode, if a physical
Q95: The FAT in the File Allocation Table
Q96: RAM is an acronym for:
A) Random Addressable
Q97: How does EnCase verify that the case
Q98: The term signature and header as they
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents