Disk Imaging Flashcards by Spencer Bills

In imaging vs copying, imaging captures…

slack space
unallocated space
deleted files
file metadata

How well did you know this?

Not at all

Perfectly

In imaging vs cloning, imaging is…

not bootable
compressed
checksummed
examinable with forensic tools

How well did you know this?

Not at all

Perfectly

Types of volumes that can be imaged

Physical volumes
Logical volumes

How well did you know this?

Not at all

Perfectly

Why image physically?

To get the full drive.

How well did you know this?

Not at all

Perfectly

Why image logically?

Usually faster

How well did you know this?

Not at all

Perfectly

How do you image if the disk is encrypted?

Logically

How well did you know this?

Not at all

Perfectly

Forensic Triage

Collects the most useful files from a disk

How well did you know this?

Not at all

Perfectly

Live imaging

Imaging while a machine is on.

How well did you know this?

Not at all

Perfectly

Boot imaging

Booting into a different machine to take the image.

How well did you know this?

Not at all

Perfectly

Dead box imaging

Pulling a hard drive and imaging it.

How well did you know this?

Not at all

Perfectly

What tool lets you check for encryption?

EDD

How well did you know this?

Not at all

Perfectly

When would you boot image?

Whenever you cannot remove the hard drive from the machine and the drive is not encrypted.

How well did you know this?

Not at all

Perfectly

How well did you know this?

Not at all

Perfectly

Brainscape's Knowledge GenomeTM

Disk Imaging Flashcards

Brainscape's Knowledge Genome^TM