ISC2 Exam ISSMP Topic 1 Question 38 Discussion

FAR systems are used in the forensic process to back up evidence or data folders from the network or locally attached hard disk drives. It automatically spans the content over a series of discs in a variety of media. Backups are encrypted with the MD5 algorithm for verification and full chain of evidence reporting. The restore feature is used to load discs automatically, to any local or network storage location.

Answer option C is incorrect. Device Seizure is a software, which is used in forensic analysis and recovery of mobile phone and PDA data. It is used for data recovery, full data dumps of certain cell phone models, logical and physical acquisitions of PDAs, data cable access, and advanced reporting. Device Seizure also provides feature of GSM SIM card acquisition and deleted data recovery using SIMCon technology.

Answer option B is incorrect. Vedit is a commercial text editor for Microsoft Windows and MS-DOS. Vedit was one of the pioneers in visual editing. Today, it is a powerful and feature-rich general-purpose text editor. Vedit can edit any file, including binary files and huge multi-gigabyte files. Still it is compact and extremely fast, perhaps because it is written mostly in Assembly language.

Answer option A is incorrect. WinHex is a famous hexadecimal editor tool that is used to examine files that have been collected for analysis and examination. This includes file fragments, recovered deleted files, or other data that have been corrupted or destroyed. WinHex can also examine the contents of a file retrieved from a hard disk whose application software, which open the particular file, is not available. We can also view data captured from a network to identify passwords and other data. WinHex also provides a feature that allows cloning of a hard disk and thus making a duplicate of the data to work with. It can also provide a RAM editor feature that allows access to the physical RAM and

any processes running in virtual memory. WinHex is also set to run in a write-protected mode, which open any file in a read-only mode to prevent any modification in the original data.