1. Why do you need to be careful about the utilities you choose to use for disk imaging?
2. What is an HPA?
3. Name some limitations of virtual environments when used for forensics:
4. How can you verify that in imaging the source media, the original media is unchanged?
5. Name a tool that can be used to image the data in the memory of a cell phone.
6. What does the Netstat utility do?
7. When collecting evidence, which do you want to extract first: the information in memory or on the hard drive?
8. Why can choosing the method used to shut down a suspect computer be a difficult decision to make?
9. If you need to boot a suspect computer to make an image copy, how should you do it?
10. Name three programs or utilities that can be used to collect forensic images.