Question

Joe is making a clone of the evidence drive onto a target drive. Which of these is not a good practice?

A.Forensically wipe target drive first
B.Use antivirus to scan the forensic workstation
C.Use antivirus to scan the evidence drive
D.Use a hardware write-blocker
E.Calculate the MD5 hash

Answer 1

Using antivirus to scan the forensic workstation is not a good practice when making a clone of the evidence drive onto a target drive.

Step-by-step explanation:

Out of the options given, using antivirus to scan the forensic workstation is not a good practice when making a clone of the evidence drive onto a target drive.

Using antivirus software on the forensic workstation can potentially alter or delete important evidence during the cloning process. Therefore, it is recommended to disable or exclude forensic tools from the antivirus scans to avoid any interference.

Other options such as forensically wiping the target drive first, using antivirus to scan the evidence drive, using a hardware write-blocker to prevent any alterations, and calculating the MD5 hash to verify the integrity of the data are all good practices when making a clone of the evidence drive.