The difference between tampered and untampered disk images is:
Tampered Images: These are disk images that have been altered or modified in some way after their initial creation. The stored hash and the computed hash will not match if the image has been tampered with.
Untampered Images: These are disk images that have not been altered since their creation. They are considered authentic and reliable for forensic investigations. The stored hash and the computed hash will match, confirming that the image has remained unchanged.
Therefore, the correct answer is: D. Untampered images are used for forensic investigations.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit