Which practice ensures data integrity of digital evidence during transfer?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Prepare for the Computer Hacking Forensic Investigator v11 exam. Study with flashcards and multiple choice questions. Each question includes hints and explanations. Get exam-ready efficiently!

Multiple Choice

Which practice ensures data integrity of digital evidence during transfer?

Explanation:
Data integrity during transfer is proven by creating a cryptographic fingerprint of the evidence both before and after the transfer, and recording those results along with the transfer details. The hash acts as a reproducible signature of the exact data you have; if anything in transit or during copying changes the file, the post-transfer hash will differ from the pre-transfer hash, signaling tampering or corruption. Keeping a documented hash pair plus a clear chain of custody provides auditable proof that the data remained unchanged through the hand-off. Leaving the evidence on the original device during transfer, re-imaging at each hand-off, or copying without logging do not provide this verifiable assurance. Re-imaging can alter content and metadata; copying without logging prevents verification of what was transferred and when; and holding the data on the original device during transfer risks modification and loss of verifiable evidence. The reliable practice is to compute and record cryptographic hashes before and after transfer and maintain a proper log of the transfer events.

Data integrity during transfer is proven by creating a cryptographic fingerprint of the evidence both before and after the transfer, and recording those results along with the transfer details. The hash acts as a reproducible signature of the exact data you have; if anything in transit or during copying changes the file, the post-transfer hash will differ from the pre-transfer hash, signaling tampering or corruption. Keeping a documented hash pair plus a clear chain of custody provides auditable proof that the data remained unchanged through the hand-off.

Leaving the evidence on the original device during transfer, re-imaging at each hand-off, or copying without logging do not provide this verifiable assurance. Re-imaging can alter content and metadata; copying without logging prevents verification of what was transferred and when; and holding the data on the original device during transfer risks modification and loss of verifiable evidence. The reliable practice is to compute and record cryptographic hashes before and after transfer and maintain a proper log of the transfer events.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy