Which of the following supplies non-repudiation during a forensics investigation?
Which of the following supplies non-repudiation during a forensics investigation?
Non-repudiation ensures that a party cannot deny the authenticity or origin of a message, action, or transaction. In the context of a forensics investigation, this means providing a way to guarantee that evidence presented has not been tampered with and is genuinely what it claims to be. Using a SHA-2 signature of a drive image provides this guarantee because it involves generating a cryptographic hash that uniquely identifies the drive's contents. Any changes made to the drive would alter the hash, making it possible to detect tampering. This ensures the integrity and authenticity of the evidence, which is critical for non-repudiation.
Yeah, it’s C. Nonrepudiation is specifically talking about the proof that someone has done something on the system. Taking a hash of the original disk is proof that it represents the state of the data when the investigation began. It’s not a signature in the sense of an encryption cert or something like that, but it is definitely a method of ensuring that the data on the drive represents the user’s changes, vice those of the investigator or someone else after the fact. Chain of custody doesn’t apply because nonrepudiation is talking about the data itself.
looks like you're talking about integrity, not non-repudiation
You're wrong. Non-repudiation ensures that a party cannot deny the authenticity or origin of a message, action, or transaction. So a digital signature for example, or in this case a chain of custody.
I would go with D. logging everyone in contact. While a hash function like C. would grant integrity, it only partially grants non-repudiation. The goal of non-repudiation measures is to ensure that no one can alter a claim previously made (example: digital signature proving someone sent data. They cannot deny that they sent the data because their digital signature was on the transmission.) In this case, answer D. grants non-repudiation because the logs of everyone in contact are proof of that interaction and cannot be refuted after the fact. C would only prove data was not altered.
That ain't it buddy
I believe you are referring to: chain of custody. I chose C.
A report or log made by a human is not a hard evidence, since you can just easily log false information. A signature created via cryptographic technology is impossible to crack or alter. The answer is C.
A chain of custody or log is non-repudiation. By your same logic, someone could alter the data before hashing the data as well. No system is perfect. The answer is D.
we need stone face :/
Verified it with Professor Messer's hashing and digital signature's sec+ content video. Answer's C....
I'm saying D, Chain of custody will document when the SHA-2 hash was performed. Making it non-repudiation.
This is a forensics investigation and to me sounds like a much broader scope than data handling/processing where in that case I'd vote for C. But I think the answer is D since the question does not mention anything specific to data.
It's D. Using a SHA-2 signature of a drive image: This helps ensure the integrity of the copied data, but it doesn't necessarily prove who created the copy.
The option that supplies non-repudiation during a forensics investigation is: C. Using a SHA-2 signature of a drive image. A SHA-2 signature is a cryptographic hash generated from the drive image, which serves as a unique and verifiable identifier of the image's contents. By generating a SHA-2 signature of the drive image, investigators can ensure the integrity of the evidence and provide non-repudiation, meaning that the integrity and authenticity of the evidence cannot be denied by the parties involved. This helps establish the credibility of the forensic investigation findings and ensures that the evidence has not been tampered with.
unsure incorrectcorrect Law enforcement has acquired a disk as evidence and copied the disk for analysis. Suggest a way to maximize the integrity of the analysis process to ensure non-repudiation is possible. (Select all that apply.) CORRECT ANSWER: Create a hash before and after analysis and compare the checksums. Use a write blocker during analysis to prevent data from being changed.
I think C is the best answer here
The definition of non-repudiation is: undeniable evidence that a specific action was performed by a particular individual or entity. There's only 1 answer that fits this definition
While using a hash (like SHA-2) can ensure data integrity, it does not directly provide non-repudiation.
C. Using a SHA-2 signature of a drive image Creating a SHA-2 signature involves generating a hash value for the drive image, and any changes to the image would result in a different hash value.
encryption can only guaranteed for the integrity not non repudiation
Only C that make sense here when it comes to data security.
chat gpt answer C. Using a SHA-2 signature of a drive image Creating a cryptographic hash (in this case, a SHA-2 signature) of a drive image is a method commonly used in digital forensics to ensure non-repudiation. It provides a means to verify the integrity of the evidence. If the drive image remains unaltered, the SHA-2 signature will match the original hash, making it extremely difficult for anyone to dispute the authenticity and integrity of the evidence.
C. Using a SHA-2 signature of a drive image A SHA-2 signature of a drive image is a cryptographic checksum that can be used to ensure data integrity and provide non-repudiation during a forensic investigation. When an investigator generates a SHA-2 hash of a drive image, it serves as a unique fingerprint for that data. Any changes to the drive image, even minor ones, will result in a completely different SHA-2 hash. This ensures that the data remains unchanged and can be used as evidence in a court of law, providing non-repudiation.
Bro, u voted for A