Question

If the computer has an encrypted drive, a ____ acquisition is done if the password or passphrase is available. a. passive b. static c. live d. local

Answer 1

Answer: C. Live

Explanation:

A live acquisition is where data is retrieved from a digital device directly via its normal interface such as activating a computer and initiating executables. Doing so has a certain level of risk because data is highly likely to be modified by the operating system. The process becomes significantly more common likely with less available disk space to the point of completely impractical to image.