The correct answer is C because integrity verification in digital forensics is performed by calculating a cryptographic hash value for the file and comparing it with a trusted known-good reference. The script name hash_calculation.py directly indicates that it is intended to generate such a value. In CHFI v11, digital forensics using Python includes acquisition, validation, and artifact analysis tasks, and hashing is one of the most fundamental operations for confirming that a file has not changed. A forensic examiner would use this approach to determine whether a Linux executable has been tampered with, replaced, or modified for persistence. The other script names point to unrelated functions: system log review, reboot history, or volatile information collection. None of those directly produces the file fingerprint needed for integrity comparison. In exam reasoning, when the question asks for a Python utility that validates whether a file remains unchanged by generating a comparison value, the most appropriate answer is the script explicitly dedicated to hash calculation. That aligns with CHFI’s emphasis on evidence validation and integrity assurance during forensic analysis.