The data acquisition process should include preserving evidence by protecting it from temperature extremes and by using controlled handling.

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Enhance your knowledge as a Computer Hacking Forensic Investigator with the CHFI v11 Test. Use flashcards and multiple-choice questions, complete with hints and detailed explanations, to prepare effectively and ace your exam!

Multiple Choice

The data acquisition process should include preserving evidence by protecting it from temperature extremes and by using controlled handling.

Explanation:
Preserving evidence during data acquisition hinges on protecting the physical media from environmental changes and enforcing strict handling to maintain the chain of custody. Temperature extremes can cause hardware to behave unpredictably, lead to data corruption, or even cause media failure, so keeping the environment controlled helps ensure the acquired data truly reflects the original state. Controlled handling ensures only authorized personnel access the evidence, proper documentation and labeling occur, and the data remains unaltered and traceable throughout the process. The other options undermine integrity: taking copies without verifying checksums means you can’t be sure the copy matches the original exactly; unrestricted access without logging breaks the chain of custody; and modifying data to fit a narrative is manipulation and invalidates the evidence.

Preserving evidence during data acquisition hinges on protecting the physical media from environmental changes and enforcing strict handling to maintain the chain of custody. Temperature extremes can cause hardware to behave unpredictably, lead to data corruption, or even cause media failure, so keeping the environment controlled helps ensure the acquired data truly reflects the original state. Controlled handling ensures only authorized personnel access the evidence, proper documentation and labeling occur, and the data remains unaltered and traceable throughout the process.

The other options undermine integrity: taking copies without verifying checksums means you can’t be sure the copy matches the original exactly; unrestricted access without logging breaks the chain of custody; and modifying data to fit a narrative is manipulation and invalidates the evidence.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy