To prove that evidence has not been altered since entering the lab, which approach is correct?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Prepare for the Computer Hacking Forensic Investigator v11 exam. Study with flashcards and multiple choice questions. Each question includes hints and explanations. Get exam-ready efficiently!

Multiple Choice

To prove that evidence has not been altered since entering the lab, which approach is correct?

Explanation:
Proving that evidence hasn’t been altered relies on creating a fingerprint of the exact data when it enters the lab and then keeping that fingerprint secure. You generate a cryptographic hash of the entire evidence at intake and record that digest in the chain of custody. Later, you recompute the hash on the preserved copy and compare it to the original digest. If they match, the data remain unchanged; if they differ, tampering or corruption has occurred. This method provides a concrete, verifiable artifact that can be independently checked, rather than relying on a signed statement, lab certification, or a generic standard database. In practice, hashing at intake and comparing to that original digest is the reliable way to demonstrate integrity over time, with a note that stronger hash functions (like SHA-256) are preferred over MD5 for improved collision resistance.

Proving that evidence hasn’t been altered relies on creating a fingerprint of the exact data when it enters the lab and then keeping that fingerprint secure. You generate a cryptographic hash of the entire evidence at intake and record that digest in the chain of custody. Later, you recompute the hash on the preserved copy and compare it to the original digest. If they match, the data remain unchanged; if they differ, tampering or corruption has occurred. This method provides a concrete, verifiable artifact that can be independently checked, rather than relying on a signed statement, lab certification, or a generic standard database. In practice, hashing at intake and comparing to that original digest is the reliable way to demonstrate integrity over time, with a note that stronger hash functions (like SHA-256) are preferred over MD5 for improved collision resistance.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy