312-49 Question #134: Real Exam Question with Answer & Explanation

The correct answer is C: Work on the original storage medium not on the duplicated copy. A fundamental principle of digital forensics is to never work on the original evidence. Investigators must create a forensic (bit-for-bit) duplicate and perform all analysis on the copy, preserving the original in its unaltered state for chain of custody and court admissibility.

Submitted by carter_n· Apr 18, 2026Computer Forensics Investigation Process

Question

Which of the following is not a part of data acquisition forensics Investigation?

Options

APermit only authorized personnel to access
BProtect the evidence from extremes in temperature
CWork on the original storage medium not on the duplicated copy
DDisable all remote access to the system

Explanation

A fundamental principle of digital forensics is to never work on the original evidence. Investigators must create a forensic (bit-for-bit) duplicate and perform all analysis on the copy, preserving the original in its unaltered state for chain of custody and court admissibility. The other options (A, B, D) are all legitimate practices: restricting access to authorized personnel, protecting evidence from environmental damage, and disabling remote access to prevent tampering all support proper evidence preservation.

Topics

#Data acquisition#Forensic best practices#Evidence integrity#Chain of custody

Community Discussion

No community discussion yet for this question.

Full 312-49 Practice Browse All 312-49 Questions