Data files from original evidence should be used for forensics analysis.

In forensic analysis, you preserve evidence by working on a copy rather than the original data. The recommended approach is to create a forensically sound image of the media, verify it with cryptographic hashes, and perform all analysis on that image while the original remains untouched and secured. This practice prevents any unintentional alterations to the evidence, preserves metadata and timestamps, and supports a defensible chain of custody. If you were to use the original data during analysis, even just reading it, you could modify the evidence in subtle ways, compromising integrity and admissibility in court. Therefore, the statement is not correct because the proper method is to analyze a copy (the forensic image) rather than the original data.