What technique used by EnCase makes it virtually impossible to tamper with evidence once acquired?

Enhance your knowledge as a Computer Hacking Forensic Investigator with the CHFI v11 Test. Use flashcards and multiple-choice questions, complete with hints and detailed explanations, to prepare effectively and ace your exam!

Multiple Choice

What technique used by EnCase makes it virtually impossible to tamper with evidence once acquired?

Explanation:
Hash-based integrity verification is what ensures evidence cannot be tampered with after capture. EnCase creates a cryptographic hash of the acquired data (such as MD5 or a stronger hash) and stores that fingerprint. Later, re-computing the hash and comparing it to the original fingerprint reveals any modification: even a single bit change produces a different hash, signaling tampering. CRC is only a simple error-check and isn’t cryptographically secure, so it can’t reliably prove immutability. Copying to multiple drives helps preserve data, and encryption protects confidentiality, but neither by itself guarantees that the data remains unchanged. Therefore, using a cryptographic hash like MD5 to fingerprint the evidence is the method that makes tampering detectable.

