When compiling an incident report, which of the following would BEST serve as reliable evidence that is admissible in legal proceedings?
Log files showing unauthorized access attempts
Witness statements providing accounts of the security incident
A forensic image hash to prove that the image of a system has not been altered
Chain of custody documents that detail how evidence was collected, handled, and preserved