Law, Investigations, and Ethics
These questions are derived from the Self Test Software Practice Test for (ISC)2’s CISSP exam.
Objective: Law, Investigations, and Ethics
SubObjective: Understand the Parameters of Investigations
Single Answer, Multiple Choice
What is the main disadvantage of using message digests during the course of forensic investigation?
- Faster processing
- Slower access time
- Modified timestamp
- Stringent authentication
Answer:
C. Modified timestamp
Tutorial:
During the course of a forensic investigation, the last access time for a file is changed when a message digest is created on the data collected. Message digests are necessary to ensure that the evidence is not tampered with during the course of the investigation. A logging timestamp is changed due to a transaction taking place and overwrites the timestamp of the incident that occurred.
A message digest is a fixed output created by using a one-way hash function. A message digest is created from a variable set of input, also referred to as a checksum. A message digest is helpful in detecting whether any change is made to the records during the course of the chain of custody. The message digest is expected to be smaller than the original data string.
Message digests do not provide a stringent authentication and deal with integrity of information.
Message digests do not contribute to either a higher processing time or to a slower access time.
Reference:
Wikipedia.org, Computer Forensics, http://en.wikipedia.org/wiki/Computer_forensics