In the computer forensics investigation methodology, in which step would you run an MD5 checksum on the evidence?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Prepare for the Computer Hacking Forensic Investigator v11 exam. Study with flashcards and multiple choice questions. Each question includes hints and explanations. Get exam-ready efficiently!

Multiple Choice

In the computer forensics investigation methodology, in which step would you run an MD5 checksum on the evidence?

Explanation:
Hashing the evidence to confirm integrity is done during the data acquisition phase. When you create the forensic image of the data, you generate an MD5 checksum of that image and record it in the case log. This provides a reproducible fingerprint showing that the copy matches the original and hasn’t been altered since acquisition, which is essential for admissibility and trust in the investigation. The other steps involve securing the scene, obtaining permission, or physically collecting items, but they do not produce or verify a verifiable copy with a hash at the moment of acquisition.

Hashing the evidence to confirm integrity is done during the data acquisition phase. When you create the forensic image of the data, you generate an MD5 checksum of that image and record it in the case log. This provides a reproducible fingerprint showing that the copy matches the original and hasn’t been altered since acquisition, which is essential for admissibility and trust in the investigation. The other steps involve securing the scene, obtaining permission, or physically collecting items, but they do not produce or verify a verifiable copy with a hash at the moment of acquisition.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy