Exam SY0-601 topic 1 question 235 discussion

Yeah, it’s C. Nonrepudiation is specifically talking about the proof that someone has done something on the system. Taking a hash of the original disk is proof that it represents the state of the data when the investigation began. It’s not a signature in the sense of an encryption cert or something like that, but it is definitely a method of ensuring that the data on the drive represents the user’s changes, vice those of the investigator or someone else after the fact. Chain of custody doesn’t apply because nonrepudiation is talking about the data itself.

I would go with D. logging everyone in contact. While a hash function like C. would grant integrity, it only partially grants non-repudiation. The goal of non-repudiation measures is to ensure that no one can alter a claim previously made (example: digital signature proving someone sent data. They cannot deny that they sent the data because their digital signature was on the transmission.) In this case, answer D. grants non-repudiation because the logs of everyone in contact are proof of that interaction and cannot be refuted after the fact. C would only prove data was not altered.

The answer is D. Logging everyone in contact with evidence. The question is "Which of the following supplies non-repudiation during a forensics investigation?" Think wholistically about all the artifacts involved in the investigation, not only hard disks. what about dvds u discover in an office drawer? u cant hash a dvd. You will need a chain of custody to prove non-repudiation for all the artifacts collected from an office. Else the judge will toss the case.

Dive integrity does not prove non repudiation. That is done by a chain of custody legal document. = D

It's D. Using a SHA-2 signature of a drive image: This helps ensure the integrity of the copied data, but it doesn't necessarily prove who created the copy.

The option that supplies non-repudiation during a forensics investigation is: C. Using a SHA-2 signature of a drive image. A SHA-2 signature is a cryptographic hash generated from the drive image, which serves as a unique and verifiable identifier of the image's contents. By generating a SHA-2 signature of the drive image, investigators can ensure the integrity of the evidence and provide non-repudiation, meaning that the integrity and authenticity of the evidence cannot be denied by the parties involved. This helps establish the credibility of the forensic investigation findings and ensures that the evidence has not been tampered with.

unsure incorrectcorrect Law enforcement has acquired a disk as evidence and copied the disk for analysis. Suggest a way to maximize the integrity of the analysis process to ensure non-repudiation is possible. (Select all that apply.) CORRECT ANSWER: Create a hash before and after analysis and compare the checksums. Use a write blocker during analysis to prevent data from being changed.

I think C is the best answer here

The definition of non-repudiation is: undeniable evidence that a specific action was performed by a particular individual or entity. There's only 1 answer that fits this definition

Verified it with Professor Messer's hashing and digital signature's sec+ content video. Answer's C....

While using a hash (like SHA-2) can ensure data integrity, it does not directly provide non-repudiation.

C. Using a SHA-2 signature of a drive image Creating a SHA-2 signature involves generating a hash value for the drive image, and any changes to the image would result in a different hash value.

encryption can only guaranteed for the integrity not non repudiation

Only C that make sense here when it comes to data security.

I'm saying D, Chain of custody will document when the SHA-2 hash was performed. Making it non-repudiation.

we need stone face :/

This is a forensics investigation and to me sounds like a much broader scope than data handling/processing where in that case I'd vote for C. But I think the answer is D since the question does not mention anything specific to data.