❌ Why the other options are incorrect:
A. To prevent metadata tampering on each file
Hashes don't prevent tampering — they detect it.
C. To generate unique identifiers for each file
Hashes can serve as identifiers, but the main purpose in forensics is to verify integrity.
D. To preserve the chain of custody of files
Chain of custody refers to tracking who has handled the evidence, not to hashing the files
✅ B. To later validate the integrity of each file
🔍 Explanation:
Obtaining file hashes (like MD5, SHA-1, or SHA-256) from a confiscated laptop is a forensic best practice used to:
Ensure files have not been altered since the time of seizure.
Validate the integrity of the data at later stages of an investigation or in court.
By comparing the original hash values to those calculated later, investigators can prove the files remain unchanged, maintaining their evidentiary value.
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.CAS-005 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
vicbersong
1 week, 1 day agovicbersong
1 week, 1 day ago