Computer Hacking Forensic Investigator (CHFI v10) — Question 128

Why should you never power on a computer that you need to acquire digital evidence from?

Answer options

• A. When the computer boots up, files are written to the computer rendering the data nclean
• B. When the computer boots up, the system cache is cleared which could destroy evidence
• C. When the computer boots up, data in the memory buffer is cleared which could destroy evidence
• D. Powering on a computer has no affect when needing to acquire digital evidence from it

Correct answer: C

Explanation

The correct answer is C because powering on a computer will clear the data stored in the memory buffer, which may contain crucial evidence. Options A and B are incorrect as they don't directly relate to the memory buffer, and D is false since powering on can indeed affect evidence integrity.