Which statement about the fragility of digital evidence is true?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Study for the EC-Council Certified Security Specialist (ECSS) Exam. Prepare with multiple choice questions, detailed explanations, and key insights to boost your confidence. Ace the exam now!

Multiple Choice

Which statement about the fragility of digital evidence is true?

Explanation:
The main idea here is that digital evidence is fragile and must be preserved with care. Digital data can be easily lost or altered if not handled properly, because much of it is changeable by normal system operations or even by the act of collecting it. RAM is a prime example: it holds volatile data that vanishes when power is removed, so important live information can disappear unless captured promptly with proper techniques. Even after you have a copy of the data, changes can occur—log files can be deleted or rotated, files’ metadata can be altered by the tools used to image or analyze the data, and the very process of imaging or mounting storage can inadvertently modify data if a write blocker isn’t used. Because of these factors, stating that digital evidence is fragile reflects the reality that it can be easily lost or corrupted without careful, forensically sound handling. The other statements imply that RAM survives power loss, logs cannot be deleted, and evidence never changes after collection, which aren’t true in practice.

The main idea here is that digital evidence is fragile and must be preserved with care. Digital data can be easily lost or altered if not handled properly, because much of it is changeable by normal system operations or even by the act of collecting it. RAM is a prime example: it holds volatile data that vanishes when power is removed, so important live information can disappear unless captured promptly with proper techniques. Even after you have a copy of the data, changes can occur—log files can be deleted or rotated, files’ metadata can be altered by the tools used to image or analyze the data, and the very process of imaging or mounting storage can inadvertently modify data if a write blocker isn’t used. Because of these factors, stating that digital evidence is fragile reflects the reality that it can be easily lost or corrupted without careful, forensically sound handling. The other statements imply that RAM survives power loss, logs cannot be deleted, and evidence never changes after collection, which aren’t true in practice.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy