Which action could compromise forensic integrity if not prevented during ISO imaging?

Preserving forensic integrity means the original evidence must remain untouched while you create an exact copy. ISO imaging aims for a bit-for-bit replica, so any write to the source could alter data, metadata, or even slack space, potentially changing evidence and breaking the chain of custody. Imaging with a write-enabled drive would allow such writes to occur, compromising the integrity of both the source and the resulting image. A certified write-blocker prevents any writes to the original media, which is why it’s essential. Calibrating read speed doesn’t change data itself, and verifying the hash after imaging confirms the copy matches the source. So the action that could compromise integrity is imaging with a write-enabled drive.