Which of the following best describes an approved type of fo

Which of the following best describes an approved type of forensic duplication?

A. Logical copy

B. Bit copy

C. Microsoft backup

D. Xcopy

Solution

B. A bit copy, or physical copy, captures all the data on the copied medium and reproduces an exact copy that includes hidden and residual data, slack space, swap contents, deleted files, and other data remnants. This allows the examiner to perform an analysis of the copy and store the original. Answer A is incorrect because a logical copy will not completely duplicate the structure of the original media. Answer C is incorrect because Microsoft backup is not an approved product for forensic analysis. Answer D is incorrect because although Xcopy can duplicate files, it does not provide a bit-level copy of the original medium