Which of the following is used to back up forensic evidences or data folders from the network or
locally attached hard disk drives?

A.
WinHex

B.
Vedit

C.
Device Seizure

D.
FAR system

Explanation:
FAR systems are used in the forensic process to back up evidence or data folders from the network
or locally attached hard disk drives. It automatically spans the content over a series of discs in a
variety of media. Backups are encrypted with the MD5 algorithm for verification and full chain of
evidence reporting. The restore feature is used to load discs automatically, to any local or network
storage location.
Answer option C is incorrect. Device Seizure is a software, which is used in forensic analysis and
recovery of mobile phone and PDA data. It is used for data recovery, full data dumps of certain cell
phone models, logical and physical acquisitions of PDAs, data cable access, and advanced reporting.
Device Seizure also provides feature of GSM SIM card acquisition and deleted data recovery using
SIMCon technology.
Answer option B is incorrect. Vedit is a commercial text editor for Microsoft Windows and MS-DOS.
Vedit was one of the pioneers in visual editing. Today, it is a powerful and feature-rich generalpurpose text editor. Vedit can edit any file, including binary files and huge multi-gigabyte files. Still it
is compact and extremely fast, perhaps because it is written mostly in Assembly language.
Answer option A is incorrect. WinHex is a famous hexadecimal editor tool that is used to examine
files that have been collected for analysis and examination. This includes file fragments, recovered
deleted files, or other data that have been corrupted or destroyed. WinHex can also examine the
contents of a file retrieved from a hard disk whose application software, which open the particular
file, is not available. We can also view data captured from a network to identify passwords and
other data. WinHex also provides a feature that allows cloning of a hard disk and thus making a
duplicate of the data to work with. It can also provide a RAM editor feature that allows access to the
physical RAM and

any processes running in virtual memory. WinHex is also set to run in a write-protected mode, which
open any file in a read-only mode to prevent any modification in the original data.