Computer Hacking Forensic Investigator (CHFI) — Question 31

Why should you never power on a computer that you need to acquire digital evidence from?

Answer options

• A. When the computer boots up, files are written to the computer rendering the data nclean
• B. When the computer boots up, the system cache is cleared which could destroy evidence
• C. When the computer boots up, data in the memory buffer is cleared which could destroy evidence
• D. Powering on a computer has no affect when needing to acquire digital evidence from it

Correct answer: A

Explanation

The correct answer, A, highlights that booting the computer writes files, which can alter the original data and compromise the evidence. Options B and C are incorrect because while they mention the loss of evidence, they focus on cache and memory buffer, which are not the primary concern. Option D is wrong since powering on can indeed affect the integrity of the evidence.