In the computer forensics investigation methodology, in which step would you run an MD5 checksum on the evidence?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Enhance your knowledge as a Computer Hacking Forensic Investigator with the CHFI v11 Test. Use flashcards and multiple-choice questions, complete with hints and detailed explanations, to prepare effectively and ace your exam!

Multiple Choice

In the computer forensics investigation methodology, in which step would you run an MD5 checksum on the evidence?

Explanation:
Hashing the evidence to confirm integrity is done during the data acquisition phase. When you create the forensic image of the data, you generate an MD5 checksum of that image and record it in the case log. This provides a reproducible fingerprint showing that the copy matches the original and hasn’t been altered since acquisition, which is essential for admissibility and trust in the investigation. The other steps involve securing the scene, obtaining permission, or physically collecting items, but they do not produce or verify a verifiable copy with a hash at the moment of acquisition.

Hashing the evidence to confirm integrity is done during the data acquisition phase. When you create the forensic image of the data, you generate an MD5 checksum of that image and record it in the case log. This provides a reproducible fingerprint showing that the copy matches the original and hasn’t been altered since acquisition, which is essential for admissibility and trust in the investigation. The other steps involve securing the scene, obtaining permission, or physically collecting items, but they do not produce or verify a verifiable copy with a hash at the moment of acquisition.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy