nerdexam
(ISC)2

CISSP · Question #423

When conducting a forensic criminal investigation on a computer had drive, what should be dene PRIOR to analysis?

The correct answer is C. Create a forensic image of the hard drive.. When conducting a forensic criminal investigation on a computer hard drive, the first thing that should be done prior to analysis is to create a forensic image of the hard drive. A forensic image is a bit-by-bit copy of the original data source that preserves the integrity and au

Submitted by lucia.co· Mar 5, 2026Security Operations

Question

When conducting a forensic criminal investigation on a computer had drive, what should be dene PRIOR to analysis?

Options

  • ACreate a backup copy of all the important files on the drive.
  • BPower off the computer and wait for assistance.
  • CCreate a forensic image of the hard drive.
  • DInstall forensic analysis software.

How the community answered

(22 responses)
  • B
    5% (1)
  • C
    95% (21)

Explanation

When conducting a forensic criminal investigation on a computer hard drive, the first thing that should be done prior to analysis is to create a forensic image of the hard drive. A forensic image is a bit-by-bit copy of the original data source that preserves the integrity and authenticity of the evidence. A forensic image should be created using a write-blocker device or software that prevents any modification or alteration of the data on the hard drive. A forensic image should also be verified using a hash function that generates a unique value that can be used to validate the accuracy and completeness of the image. A forensic image can then be analyzed using forensic analysis software or tools without affecting the original data source.

Topics

#digital forensics#forensic imaging#evidence collection#incident response

Community Discussion

No community discussion yet for this question.

Full CISSP Practice