What is the best practice to ensure evidence integrity during collection?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Enhance your knowledge as a Computer Hacking Forensic Investigator with the CHFI v11 Test. Use flashcards and multiple-choice questions, complete with hints and detailed explanations, to prepare effectively and ace your exam!

Multiple Choice

What is the best practice to ensure evidence integrity during collection?

Explanation:
Preserving evidence integrity means ensuring the original data remains exactly as it was at the moment of collection. The best way to achieve this is to avoid altering the evidence. In practice, this means handling media with care, using write-blocking or forensic imaging to create a bit-for-bit copy, and keeping the original media untouched. Document everything for the chain of custody and generate cryptographic hashes (like SHA-256) at acquisition, then verify that the copy matches the original. This approach prevents any unintended changes and supports reliable analysis and admissibility in court. Other options can modify or compromise data—for example, installing antivirus software can alter files, forcing a shutdown can corrupt data, and copying data to a local drive without proper imaging can change the source.

Preserving evidence integrity means ensuring the original data remains exactly as it was at the moment of collection. The best way to achieve this is to avoid altering the evidence. In practice, this means handling media with care, using write-blocking or forensic imaging to create a bit-for-bit copy, and keeping the original media untouched. Document everything for the chain of custody and generate cryptographic hashes (like SHA-256) at acquisition, then verify that the copy matches the original. This approach prevents any unintended changes and supports reliable analysis and admissibility in court. Other options can modify or compromise data—for example, installing antivirus software can alter files, forcing a shutdown can corrupt data, and copying data to a local drive without proper imaging can change the source.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy