312-49v10 Exam - Question 127

B < EnCase creates an evidence file, it calculates CRC values for its header and each block of data. Additionally, it calculates an MD5/SHA-1 value for the data only. No other data (header, CRC, metadata, and so on) is included in this MD5/SHA-1 hash.

The technique used by EnCase to make it virtually impossible to tamper with evidence once it has been acquired is A. Every byte of the file(s) is given an MD5 hash to match against a master file. This ensures data integrity and helps detect any unauthorized modifications.

The correct answer is A. Every byte of the file(s) is given an MD5 hash to match against a master file. Encase, a digital forensics tool, uses MD5 hashing to ensure the integrity and authenticity of evidence. When evidence is acquired, Encase calculates an MD5 hash value for every byte of the file(s), creating a unique digital fingerprint. This hash value is then compared to a master file to verify that the evidence has not been altered or tampered with. MD5 hashing is a one-way encryption method that produces a fixed-length string of characters, making it virtually impossible to modify the evidence without changing the hash value. This ensures the integrity and authenticity of the evidence, making it admissible in court.

The use of MD5 hashes ensures that any modification or tampering with the evidence would change the hash value, thus making tampering detectable.