Which action could compromise forensic integrity if not prevented during ISO imaging?

Multiple Choice

Which action could compromise forensic integrity if not prevented during ISO imaging?

Explanation:
Preserving forensic integrity means the original evidence must remain untouched while you create an exact copy. ISO imaging aims for a bit-for-bit replica, so any write to the source could alter data, metadata, or even slack space, potentially changing evidence and breaking the chain of custody. Imaging with a write-enabled drive would allow such writes to occur, compromising the integrity of both the source and the resulting image. A certified write-blocker prevents any writes to the original media, which is why it’s essential. Calibrating read speed doesn’t change data itself, and verifying the hash after imaging confirms the copy matches the source. So the action that could compromise integrity is imaging with a write-enabled drive.
