An analyst is responsible for collecting hard drives from compromised systems after a security breach to facilitate a forensic investigation. Which of the following best ensures that the integrity of the evidence is maintained and admissible in court?
Using standardized forms to document who accessed the evidence, the date/time of access, and the purpose of handling, each time the evidence is handled.
Ensuring that the evidence is stored in a secure location with restricted access.
Marking the hard drives with identification tags that include a case number and the date of acquisition.
Quickly acquiring the evidence before it can be tampered with by unauthorized personnel.