Anti-forensic activity has historically focused on destroying data, hiding data, or altering data usage (that is anti-forensics directly attacked the evidence of the illicit activity). Anti-forensic activity also attacks the tools used by the forensic analyst. Anti-forensic activity now includes discrediting the process of forensics by discrediting their tools. Hashing is the primary tool used by forensic analysts to document the integrity of original evidence such as hard drives. Which hashing methods does NIST recommend for use.

SHA-1

SHA

SHA-3

SHA-2

Explanation

In a notice by NIST on 2015-0805 in the Federal Register titled; Announcing Approval of Federal Information Processing Standard (FIPS) 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions, and Revision of the Applicability Clause of FIPS 180-4, Secure Hash Standard (https://www.federalregister.gov/articles/2015/08/05/2015-19181/announcing-approval-of-federal-information-processing-standard-fips-202-sha-3-standard. SHA-3 is therefore the correct answer. The CISSP book was apparently published prior to the approval so the text needs to be corrected.

However, the SHA-3 standard remains in draft form and some technical details still require finalization. Observers expect that, once NIST finalizes SHA-3, SHA-2 will remain an accepted part of NIST’s Secure Hash Standard (SHS) until someone demonstrates an effective practical attack against SHA-2. CISSP 7th Edition (2015)