GIAC GCED Exam - Topic 6 Question 71 Discussion

Actual exam question for GIAC's GCED exam

Question #: 71
Topic #: 6

[All GCED Questions]

Which of the following is the best way to establish and verify the integrity of a file before copying it during an investigation?

AWrite down the file size of the file before and after copying and ensure they match

BEnsure that the MAC times are identical before and after copying the file

CEstablish the chain of custody with the system description to prove it is the same image

DCreate hash of the file before and after copying the image verifying they are identical

Show Suggested Answer

Suggested Answer: D

by Tamar at Nov 19, 2025, 12:13 PM

Limited Time Offer

25%

Off

Get Premium GCED Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Alonzo

15 hours ago

B is important, but it doesn't verify the file content like D does.

upvoted 0 times

...

Irma

6 days ago

Wait, can hashes really guarantee integrity? Seems too simple.

upvoted 0 times

...

Miles

11 days ago

C is crucial too, but D is more reliable for integrity.

upvoted 0 times

...

Antione

16 days ago

I think A is good enough, file sizes should match.

upvoted 0 times

...

Anabel

21 days ago

B) MAC times? What is this, a game of forensic hide-and-seek?

upvoted 0 times

...

Ivette

26 days ago

D) Hashing is the way to go. Anything else is just guesswork.

upvoted 0 times

...

Lonna

1 month ago

A) Write down the file size? Really? That's like trying to catch a thief by measuring the size of their shoes.

upvoted 0 times

...

Glory

1 month ago

D) Create hash of the file before and after copying the image verifying they are identical. This is the only way to truly verify the integrity of the file.

upvoted 0 times

...

Dannette

1 month ago

I practiced a question similar to this, and I think hashing is definitely the most reliable method. So, I’d go with D.

upvoted 0 times

...

Argelia

2 months ago

I feel like establishing a chain of custody is crucial, but I don't know if it directly verifies file integrity like option D does.

upvoted 0 times

...

Cecilia

2 months ago

I'm not entirely sure, but I remember something about MAC times being important too. Maybe option B could work?

upvoted 0 times

...

Tyisha

2 months ago

D) is definitely the way to go. Hashing the file is the most reliable method to confirm the integrity of the data during the investigation.

upvoted 0 times

...

Lemuel

2 months ago

I think option D is probably the best choice since creating a hash is a common method to verify file integrity.

upvoted 0 times

...

Jesse

2 months ago

D is definitely the best option, hashes are key!

upvoted 0 times

...

Jerry

3 months ago

D) Hashing is the gold standard for file integrity. Anything else is just playing around.

upvoted 0 times

...

Effie

3 months ago

Option D is the clear winner here. Verifying the hash before and after the copy is the surest way to establish that the file has not been altered.

upvoted 0 times

...

Bette

3 months ago

I'm a bit confused on this one. I'm not sure if option A or D is the better approach. I'll have to think it through carefully.

upvoted 0 times

...

Lenna

3 months ago

D) seems like the best option to verify the integrity of the file. Creating a hash before and after copying will ensure the file hasn't been tampered with.

upvoted 0 times

Corrie

2 months ago

I agree, D) is definitely the most reliable method.

upvoted 0 times

...