Which is a standard procedure to perform during all computer forensics investigations?
Which is a standard procedure to perform during all computer forensics investigations?
In computer forensics investigations, it is crucial to preserve the integrity of the system and its data as much as possible. Checking the date and time in the system's CMOS is a fundamental step to verify accurate timestamps for files and events. Removing the hard drive from the suspect PC before checking the CMOS settings can alter the system state, possibly affecting the investigation. Therefore, it is best to check the date and time in the system's CMOS with the hard drive still in the suspect PC.
The answer should be D. Removing the hard drive before checking the CMOS settings can potentially alter the system state and might affect the investigation. Besides, to get an accurate read of the time settings as they relate to file timestamps, it's important to check them in their current state.