Skillset can help you prepare! Sign up for your free Skillset account and take the first steps towards your certification.
Which of these areas cannot be used for the purpose of anti-forensics?
Slack space
Ghost Protected Area
HPA
DCO Area
The Host Protected Area (HPA) and Device Configuration Overlay (DCO) are hidden areas of a hard drive. Usually when information is stored in either the HPA or DCO, it is not accessible by the BIOS, OS, or the user. However, certain tools can be used to modify the HPA or DCO. Software and firmware that are able to use the HPA are referred to as 'HPA aware'. Slack space refers to portions of a hard drive that are not fully used by the current allocated file and which may contain data from a previously deleted file. The Ghost Protected Area is a distractor and therefore cannot be used for anti-forensic purposes. EDIT: Where did 'Ghost Protected Area' come from? Is this a reference to a Ghosted image of a machine? I can't find evidence of this being a common phrase in forensics. | @Ajay: Cannot find anything on "Ghost Protected Area". I believe the correct answer should be Slack Space. https://www.computerhope.com/jargon/s/slack-space.htm. Changed Answer from "Ghost Protected Area" to "Slack Space" Edit: “Ghost Protected Area” is fake and is the answer. Everything else can be abused for anti-forensic purposes. Edit: have not changed question, but should "Ghost Protected Area" be changed to "None of these"? This would make the question clearer. Edit - it would make the question EASIER which should not be a goal.
Train with Skillset and pass your certification exam. Faster. Guaranteed.
Study thousands of practice questions that organized by skills and ranked by difficulty.
Create a tailored training plan based on the knowledge you already possess.
Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.