Which of the following actions should the analyst perform next to ensure the data integrity of the evidence?

During an incident response procedure, a security analyst acquired the needed evidence from the hard drive of a compromised machine.

Which of the following actions should the analyst perform next to ensure the data integrity of the evidence?
A . Generate hashes for each file from the hard drive.
B. Create a chain of custody document.
C. Determine a timeline of events using correct time synchronization.
D. Keep the cloned hard drive in a safe place.

View Answer

Answer: A

Explanation:

Generating hashes for each file from the hard drive is the next action that the analyst should perform to ensure the data integrity of the evidence. Hashing is a technique that produces a unique and fixed-length value for a given input, such as a file or a message. Hashing can help to verify the data integrity of the evidence by comparing the hash values of the original and copied files. If the hash values match, then the evidence has not been altered or corrupted. If the hash values differ, then the evidence may have been tampered with or damaged.