Law, Investigations, and Ethics

Posted on by
Like what you see? Share it.Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone

These questions are derived from the Self Test Software Practice Test for (ISC)2’s CISSP exam.

Objective: Law, Investigations, and Ethics
SubObjective: Understand the Parameters of Investigations

Single Answer, Multiple Choice

What is the main disadvantage of using message digests during the course of forensic investigation?

 

 

  1. Faster processing
  2. Slower access time
  3. Modified timestamp
  4. Stringent authentication

Answer:
C. Modified timestamp

Tutorial:
During the course of a forensic investigation, the last access time for a file is changed when a message digest is created on the data collected. Message digests are necessary to ensure that the evidence is not tampered with during the course of the investigation. A logging timestamp is changed due to a transaction taking place and overwrites the timestamp of the incident that occurred.

A message digest is a fixed output created by using a one-way hash function. A message digest is created from a variable set of input, also referred to as a checksum. A message digest is helpful in detecting whether any change is made to the records during the course of the chain of custody. The message digest is expected to be smaller than the original data string.

Message digests do not provide a stringent authentication and deal with integrity of information.

Message digests do not contribute to either a higher processing time or to a slower access time.
Reference:
Wikipedia.org, Computer Forensics, http://en.wikipedia.org/wiki/Computer_forensics

Like what you see? Share it.Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone
cmadmin

ABOUT THE AUTHOR

Posted in Archive|

Comment: