A computer forensics team is performing an integrity check on key systems files. The team is comparing the signatures of original baseline files with the latest signatures. The original baseline was taken on March 2, 2016. and was established to be clean of malware and uncorrupted. The latest tile signatures were generated yesterday. One file is known to be corrupted, but when the team compares the signatures of the original and latest flies, the team sees the
Following:
Original: 2d da b1 4a fc f1 98 06 b1 e5 26 b2 df e5 5b 3e cb 83 e1
Latest: 2d da b1 4a 98 fc f1 98 bl e5 26 b2 df e5 5b 3e cb 83 e1
Which of the following is MOST likely the situation?
A . The forensics team must have reverted the system to the original date.
Which resulted in an identical hash calculation?
B . The original baseline was compromised, so the corrupted file was always on the system.
C . The signature comparison is using two different algorithms that happen to have generated the same values.
D . The algorithm used to calculate the hash has a collision weakness, and an attacker has exploited it.
Answer: D
Leave a Reply