CompTIA Security+ (SY0-601) — Question 117

Which of the following supplies non-repudiation during a forensics investigation?

Answer options

• A. Dumping volatile memory contents first
• B. Duplicating a drive with dd
• C. Using a SHA-2 signature of a drive image
• D. Logging everyone in contact with evidence
• E. Encrypting sensitive data

Correct answer: C

Explanation

Option C is correct because a SHA-2 signature ensures the integrity and authenticity of the drive image, preventing any denial of the evidence's origin. The other options do not inherently provide non-repudiation; they may aid in the investigation but do not ensure that the evidence cannot be denied by its originator.