A cybersecurity analyst responded to a data exfiltration incident and seized a user's laptop for forensic analysis. The analyst documented the time of seizure, placed the laptop in a sealed evidence bag with a tamper-evident tag, and logged the transfer to the forensics lab. This log is updated by each person who handles the laptop. Which incident response concept does this documented process represent?
The correct answer is 'Chain of custody'. Chain of custody is the chronological documentation that records the sequence of custody, control, transfer, analysis, and disposition of physical or electronic evidence. This process is crucial for proving that the evidence has not been tampered with and maintaining its integrity for legal proceedings. 'Legal hold directive' is an instruction to preserve data, not the tracking log itself. 'Evidence disclosure' is a phase in the legal process for sharing evidence between parties. 'Control ledger' is not a standard term in this context.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is the chain of custody important in incident response?
Open an interactive chat with Bash
What are some common steps to maintain a proper chain of custody?
Open an interactive chat with Bash
How does the chain of custody apply to digital evidence?