When performing log analysis after detecting a potential security incident, what is the primary purpose of correlating time stamps across diverse systems and devices?
To streamline the process of recovery and remediation
To enforce legal hold across the enterprise
To construct an accurate timeline of events
To determine when to re-image affected systems