Computer Hacking Forensic Investigator (CHFI v10) — Question 350

What technique used by Encase makes it virtually impossible to tamper with evidence once it has been acquired?

Answer options

• A. Every byte of the file(s) is given an MD5 hash to match against a master file
• B. Every byte of the file(s) is verified using 32-bit CRC
• C. Every byte of the file(s) is copied to three different hard drives
• D. Every byte of the file(s) is encrypted using three different methods

Correct answer: B

Explanation

The correct answer, B, indicates that 32-bit CRC is used to verify the integrity of the files, making tampering detectable. Option A is incorrect because MD5 hashes, while useful, do not provide the same level of real-time verification as 32-bit CRC. Option C does not prevent tampering but rather ensures redundancy, and option D focuses on encryption, which does not inherently verify evidence integrity.