The correct answer is "To establish that the evidence has not been altered, tampered with, or otherwise compromised." A complete, continuous chain of custody provides a verifiable record of who handled the evidence, when, and under what conditions, thereby demonstrating its authenticity and integrity for legal or internal proceedings. Gaps in this documentation can cause a court-or an internal review-to reject the evidence. The other options describe activities that may occur during an investigation (analysis, remediation, or data backup) but are not the fundamental reason the chain of custody is maintained.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a chain of custody in the context of digital evidence?
Open an interactive chat with Bash
Why is the integrity of digital evidence so important in incident response?
Open an interactive chat with Bash
How can failures in maintaining a chain of custody impact an investigation?