How can a forensic specialist exclude from examination a large percentage of operating system files
residing on a copy of the target system?
A.
Take another backup of the media in question then delete all irrelevant operating system files.
B.
Create a comparison database of cryptographic hashes of the files from a system with the same
operating system and patch level.
C.
Generate a message digest (MD) or secure hash on the drive image to detect tampering of the
media being examined.
D.
Discard harmless files for the operating system, and known installed programs.