Which risk is associated with performing evidence collection without proper safeguards?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Enhance your knowledge as a Computer Hacking Forensic Investigator with the CHFI v11 Test. Use flashcards and multiple-choice questions, complete with hints and detailed explanations, to prepare effectively and ace your exam!

Multiple Choice

Which risk is associated with performing evidence collection without proper safeguards?

Explanation:
Preserving the authenticity of evidence includes keeping its metadata intact. When evidence is collected without safeguards, the process can touch files in ways that change their timestamps. Date/time stamps reflect when a file was created, modified, or accessed, and these times are part of the evidentiary record used to establish the sequence of events. If safeguards aren’t in place, copying data, using certain tools, or even system activity can modify these timestamps, making it hard to trust the timeline or the origin of the evidence. That’s why the risk most associated with improper safeguards is that date/time stamps may be altered. The other options are not the primary risk tied to lacking safeguards. Cache files appearing or a system crash can occur under various conditions and aren’t specific to evidence integrity. Automatic encryption would complicate access but isn’t a direct result of not applying safeguards during collection. The key concern here is maintaining the accuracy of timestamps and other metadata to preserve a reliable, defensible record.

Preserving the authenticity of evidence includes keeping its metadata intact. When evidence is collected without safeguards, the process can touch files in ways that change their timestamps. Date/time stamps reflect when a file was created, modified, or accessed, and these times are part of the evidentiary record used to establish the sequence of events. If safeguards aren’t in place, copying data, using certain tools, or even system activity can modify these timestamps, making it hard to trust the timeline or the origin of the evidence. That’s why the risk most associated with improper safeguards is that date/time stamps may be altered.

The other options are not the primary risk tied to lacking safeguards. Cache files appearing or a system crash can occur under various conditions and aren’t specific to evidence integrity. Automatic encryption would complicate access but isn’t a direct result of not applying safeguards during collection. The key concern here is maintaining the accuracy of timestamps and other metadata to preserve a reliable, defensible record.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy