A security team discovers a laptop suspected of being used in a data breach incident. What should be the FIRST action taken with this potential evidence?
Examine system logs for unauthorized access
Perform a full system malware scan
Document the chronological record of custody
Create working copies for the investigation team
Establishing and documenting the chronological record of custody is the correct first action when handling potential evidence. This documentation process records who had possession of the evidence, when they had it, and what actions were performed with it. This unbroken record is essential for maintaining evidence integrity and ensuring admissibility in potential legal proceedings.
The other options are incorrect because:
Creating working copies is an important step but should only occur after the evidence has been properly documented and secured. Making copies without first establishing proper documentation could compromise evidence integrity.
Performing a malware scan immediately on the original device could alter metadata, timestamps, or remove potential evidence, compromising the integrity of the original evidence.
Examining system logs directly on the device could modify access dates and potentially overwrite important evidence. Forensic investigation should be conducted on properly created forensic images, not on the original evidence.
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
All IT & Cybersecurity Package plans include the following perks and exams .
Our pricing is simple. Full access to all certifications and exams in each package, for one price.
As many practice tests for as many topics as you want.
Use study mode non-stop, no limits.
Access to our AI assistant, Bash, trained to help you pass your exam.
Track your scores over time in study mode and report cards.
See how you improve over time, and where you need to focus.
Access our store with even bigger discounts than before.
Unlimited access to all performance questions and be prepared for the real thing.
All IT & Cybersecurity Package plans include unlimited access to the following study materials.
Create an account or sign in to access our study materials.