The use of MD5 hashes ensures that any modification or tampering with the evidence would change the hash value, thus making tampering detectable.

The correct answer is A. Every byte of the file(s) is given an MD5 hash to match against a master file. Encase, a digital forensics tool, uses MD5 hashing to ensure the integrity and authenticity of evidence. When evidence is acquired, Encase calculates an MD5 hash value for every byte of the file(s), creating a unique digital fingerprint. This hash value is then compared to a master file to verify that the evidence has not been altered or tampered with. MD5 hashing is a one-way encryption method that produces a fixed-length string of characters, making it virtually impossible to modify the evidence without changing the hash value. This ensures the integrity and authenticity of the evidence, making it admissible in court.

The technique used by EnCase to make it virtually impossible to tamper with evidence once it has been acquired is A. Every byte of the file(s) is given an MD5 hash to match against a master file. This ensures data integrity and helps detect any unauthorized modifications.

B < EnCase creates an evidence file, it calculates CRC values for its header and each block of data. Additionally, it calculates an MD5/SHA-1 value for the data only. No other data (header, CRC, metadata, and so on) is included in this MD5/SHA-1 hash.