How should hash values and the method used be stored for future integrity verification?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Study for the SANS Advanced Incident Response, Threat Hunting, and Digital Forensics (FOR508) Test. Prepare with comprehensive materials, flashcards, and multiple choice questions with hints and explanations. Ace your exam with confidence!

Multiple Choice

How should hash values and the method used be stored for future integrity verification?

Explanation:
Verifying integrity reliably hinges on having a trusted, tamper-evident record of both the hash values and the algorithm used to generate them. Storing both the hashes and the hashing method in a secure, access-controlled repository provides tamper resistance, an audit trail, and versioning, which supports a defensible forensic process, chain of custody, and reproducible verifications in the future. This setup ensures that later checks are performed against a known baseline that cannot be easily altered by unauthorized users or a compromised workstation. Storing hashes on a public web server exposes them to potential tampering or spoofing; placing them in a shared folder without access control leaves them open to unauthorized modification; and keeping hashes only on the imaging workstation creates a single point of failure that’s vulnerable if that system is compromised.

Verifying integrity reliably hinges on having a trusted, tamper-evident record of both the hash values and the algorithm used to generate them. Storing both the hashes and the hashing method in a secure, access-controlled repository provides tamper resistance, an audit trail, and versioning, which supports a defensible forensic process, chain of custody, and reproducible verifications in the future. This setup ensures that later checks are performed against a known baseline that cannot be easily altered by unauthorized users or a compromised workstation.

Storing hashes on a public web server exposes them to potential tampering or spoofing; placing them in a shared folder without access control leaves them open to unauthorized modification; and keeping hashes only on the imaging workstation creates a single point of failure that’s vulnerable if that system is compromised.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy