After a security breach, an analyst determines that several endpoints have been compromised with persistent malware. Isolation procedures have been completed, and the decision has been made to re-image the affected systems to a known good state. Prior to the re-imaging process, which of the following steps is MOST important to perform to maintain the integrity of the incident response process?
Immediately disconnecting the affected systems from all networks
Ensuring a complete backup of the system has been created
Re-configuring the endpoint protection on the systems to prevent future infections
Deploying patches to all other systems in the network to prevent spread