ECSA EC0-479 Exam Questions and Answers PDF

When files are deleted, the data is overwritten and the cluster marked as available

The longer a disk is inuse, the less likely it is that deleted files will be overwritten

While booting, the machine may create temporary files that can delete evidence

Secure delete programs work by completely overwriting the file in one go

one who has NTFS 4 or 5 partitions

one who uses dynamic swap file capability

one who uses hard disk writes on IRQ 13 and 21

one who has lots of allocation units per block or cluster

Keep the information of file for later review

Destroy the evidence

Bring the information to the attention of the prosecutor, his or her supervisor or finally to the judge

Present the evidence to the defense attorney

evidence must be handled in the same way regardless of the type of case

evidence procedures are not important unless you work for a law enforcement agency

evidence in a criminal case must be secured more tightly than in a civil case

evidence in a civil case must be secured more tightly than in a criminal case