CompTIA Security+ (SY0-601) — Question 41

A forensic analyst needs to prove that data has not been tampered with since it was collected. Which of the following methods will the analyst MOST likely use?

Answer options

• A. Look for tampering on the evidence collection bag.
• B. Encrypt the collected data using asymmetric encryption.
• C. Ensure proper procedures for chain of custody are being followed.
• D. Calculate the checksum using a hashing algorithm.

Correct answer: D

Explanation

The correct answer is D because calculating the checksum with a hashing algorithm allows the analyst to verify the integrity of the data by comparing the checksum values before and after collection. Options A and B do not directly prove data integrity, and while C is important for maintaining evidence, it does not specifically confirm that the data itself has not been altered.