With regard to using an antivirus scanner during a computer forensics investigation, you should:

Enhance your knowledge as a Computer Hacking Forensic Investigator with the CHFI v11 Test. Use flashcards and multiple-choice questions, complete with hints and detailed explanations, to prepare effectively and ace your exam!

Multiple Choice

Explanation:
In digital forensics, the working environment must be trusted and free from malware that could contaminate evidence. Scanning the forensics workstation before you begin helps ensure there isn’t malicious software or compromised configurations that could alter artifacts, interfere with imaging, or affect the integrity of your tools and processes. If the workstation is clean, you reduce the risk of introducing changes to the evidence or misinterpreting results later.

Scanning the suspect drive itself before the investigation starts is risky because antivirus actions can modify data, quarantine files, or adjust timestamps, which would contaminate the evidence and compromise its integrity. It’s better to image and examine the suspect data using write-blockers and controlled processes after establishing a clean workstation. Running antivirus checks too frequently during the investigation would also be disruptive and could again needlessly modify data or timing information.

Therefore, the best practice is to verify and sanitize the forensic workstation by scanning it before beginning the investigation.
