An analyst is responsible for collecting hard drives from compromised systems after a security breach to facilitate a forensic investigation. Which of the following best ensures that the integrity of the evidence is maintained and admissible in court?
Ensuring that the evidence is stored in a secure location with restricted access.
Using standardized forms to document who accessed the evidence, the date/time of access, and the purpose of handling, each time the evidence is handled.
Quickly acquiring the evidence before it can be tampered with by unauthorized personnel.
Marking the hard drives with identification tags that include a case number and the date of acquisition.