In a complex forensic investigation, a CHFI investigator has been given a 2 TB suspect drive from which they must acquire relevant data as quickly as possible. The investigator uses a verified and tested data acquisition tool to accomplish this task. Given that the suspect drive cannot be retained, and considering the mandatory requirements of the selected tool, which of the following steps is the most critical for the investigator to ensure a forensically sound acquisition?

A. Prioritizing and acquiring only those data that are of evidentiary value
B. Testing lossless compression by applying an MD5, SHA-2, or SHA-3 hash on a file before and after compression
C. Using Microsoft disk compression tools like DriveSpace and DoubleSpace to exclude slack disk space between the files
D. Compressing files by using archiving tools like PKZip, WinZip, and WinRAR

Suggested Answer: A

This question is in the 312-49V10 EC-Council Computer Hacking Forensic Investigator (CHFI) v10 Exam.