Which practice ensures data integrity of digital evidence during transfer?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Enhance your knowledge as a Computer Hacking Forensic Investigator with the CHFI v11 Test. Use flashcards and multiple-choice questions, complete with hints and detailed explanations, to prepare effectively and ace your exam!

Multiple Choice

Which practice ensures data integrity of digital evidence during transfer?

Explanation:
Data integrity during transfer is proven by creating a cryptographic fingerprint of the evidence both before and after the transfer, and recording those results along with the transfer details. The hash acts as a reproducible signature of the exact data you have; if anything in transit or during copying changes the file, the post-transfer hash will differ from the pre-transfer hash, signaling tampering or corruption. Keeping a documented hash pair plus a clear chain of custody provides auditable proof that the data remained unchanged through the hand-off. Leaving the evidence on the original device during transfer, re-imaging at each hand-off, or copying without logging do not provide this verifiable assurance. Re-imaging can alter content and metadata; copying without logging prevents verification of what was transferred and when; and holding the data on the original device during transfer risks modification and loss of verifiable evidence. The reliable practice is to compute and record cryptographic hashes before and after transfer and maintain a proper log of the transfer events.

Data integrity during transfer is proven by creating a cryptographic fingerprint of the evidence both before and after the transfer, and recording those results along with the transfer details. The hash acts as a reproducible signature of the exact data you have; if anything in transit or during copying changes the file, the post-transfer hash will differ from the pre-transfer hash, signaling tampering or corruption. Keeping a documented hash pair plus a clear chain of custody provides auditable proof that the data remained unchanged through the hand-off.

Leaving the evidence on the original device during transfer, re-imaging at each hand-off, or copying without logging do not provide this verifiable assurance. Re-imaging can alter content and metadata; copying without logging prevents verification of what was transferred and when; and holding the data on the original device during transfer risks modification and loss of verifiable evidence. The reliable practice is to compute and record cryptographic hashes before and after transfer and maintain a proper log of the transfer events.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy