Which action best maintains evidence integrity when collecting data?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Prepare for the Computer Hacking Forensic Investigator v11 exam. Study with flashcards and multiple choice questions. Each question includes hints and explanations. Get exam-ready efficiently!

Multiple Choice

Which action best maintains evidence integrity when collecting data?

Explanation:
Creating a forensic backup image of the original evidence is the best way to maintain integrity because it preserves the exact bit-for-bit state of the data while keeping the original untouched. By imaging with a write blocker, you prevent any accidental or intentional changes to the source during collection. Verifying the image with cryptographic hashes (like SHA-256) ensures the copy is an exact replica of the original, providing a trustworthy basis for analysis and for later presentation in court. This approach supports a solid chain of custody and allows multiple analyses without repeatedly touching the original. Modifying evidence to fit a narrative corrupts integrity and is not acceptable. Copying data onto new devices can be part of the process, but without proper imaging, write-blocking, and hash verification, it risks altering data. Postponing collection loses the opportunity to preserve volatile or time-sensitive information and can allow data to be altered or destroyed.

Creating a forensic backup image of the original evidence is the best way to maintain integrity because it preserves the exact bit-for-bit state of the data while keeping the original untouched. By imaging with a write blocker, you prevent any accidental or intentional changes to the source during collection. Verifying the image with cryptographic hashes (like SHA-256) ensures the copy is an exact replica of the original, providing a trustworthy basis for analysis and for later presentation in court. This approach supports a solid chain of custody and allows multiple analyses without repeatedly touching the original.

Modifying evidence to fit a narrative corrupts integrity and is not acceptable. Copying data onto new devices can be part of the process, but without proper imaging, write-blocking, and hash verification, it risks altering data. Postponing collection loses the opportunity to preserve volatile or time-sensitive information and can allow data to be altered or destroyed.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy