Which of the following is the MOST ACCURATE statement?

CFE Investigation V2 0 Comments

Jackson, a digital forensic examiner for a government agency, is conducting a criminal investigation into the alleged embezzlement of funds from the government’s Welfare Department (WD). Ginny. a WD employee, is the prime suspect. Jackson obtains a court order authorizing him to seize Ginny’s personal computer for forensic examination .

Which of the following is the MOST ACCURATE statement?
A . If Ginny’s computer is running. Jackson should perform a graceful shutdown by turning it off using the normal shutdown process
B. If Ginny’s computer is off and Jackson needs evidence that exists only in the form of volatile data, he should turn the computer on and retrieve data directly via the computer’s normal interface.
C. If Ginny’s computer is off. Jackson should not turn it on unless he plans to use an encryption device that can guarantee that the system’s hard drive will not be accessed during startup.
D. If Ginny’s computer is running. Jackson may retrieve data from the computer directly via its normal interface if the evidence that he needs exists only in the form of volatile data

Answer: B

Latest CFE Investigation Dumps Valid Version with 100 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download CFE Investigation PDF     CFE Investigation Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments