Which of the following needs to be performed during a forensics investigation to ensure the data contained in a drive image has not been compromised?

– by 1

Which of the following needs to be performed during a forensics investigation to ensure the data contained in a drive image has not been compromised?
A. Follow the proper chain of custody procedures.
B. Compare the image hash to the original hash.
C. Ensure a legal hold has been placed on the image.
D. Verify the time offset on the image file.

How To Pass SY0-601 Exam?

CompTIA SY0-601 PDF dumps.

High quality SY0-601 pdf and software. VALID exam to help you pass.
comptia-exams

One thought on “Which of the following needs to be performed during a forensics investigation to ensure the data contained in a drive image has not been compromised?

  1. Another poorly worded question, as every other study source will tell you chain of custody but the way this question is worded makes it lean towards B. If you don’t follow chain of custody, and someone steals all the data and wipes it on the machine, SURE checking the image hash will tell you if the data changed but chain of custody will tell you who compromised the data in the first place and be vastly more helpful.

    3
    2
    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.