nerdexam
Cisco

210-255 · Question #112

Which type verification typically consists of using tools to compute the message digest of the original and copies data, then comparing the digests to make sure that they are the same?

The correct answer is B. data integrity. Data integrity verification in digital forensics uses cryptographic hash algorithms to compute message digests of original and copied data, then compares them to confirm that no alteration occurred during collection or transfer.

Host-Based Analysis

Question

Which type verification typically consists of using tools to compute the message digest of the original and copies data, then comparing the digests to make sure that they are the same?

Options

  • Aevidence collection order
  • Bdata integrity
  • Cdata preservation
  • Dvolatile data collection

How the community answered

(52 responses)
  • A
    2% (1)
  • B
    94% (49)
  • C
    4% (2)

Why each option

Data integrity verification in digital forensics uses cryptographic hash algorithms to compute message digests of original and copied data, then compares them to confirm that no alteration occurred during collection or transfer.

Aevidence collection order

Evidence collection order refers to the order of volatility principle - collecting the most volatile data first - and does not involve computing or comparing message digests.

Bdata integrityCorrect

Data integrity is the process of ensuring that data has not been altered, and the standard method is to compute a hash (message digest) of the original data and the copy using algorithms such as MD5 or SHA-256. If both digests match, the copy is a bit-for-bit identical duplicate of the original. This process is a foundational requirement in forensic evidence handling to prove that collected data was not tampered with.

Cdata preservation

Data preservation refers to the practice of protecting data from modification or loss, not a specific verification process involving digest comparison.

Dvolatile data collection

Volatile data collection refers to acquiring data from ephemeral sources such as RAM and running processes, and is unrelated to digest-based verification.

Concept tested: Data integrity verification using cryptographic hashing

Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-86.pdf

Topics

#data integrity#message digest#hash verification#digital forensics

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice