When performing log analysis after detecting a potential security incident, what is the primary purpose of correlating timestamps across diverse systems and devices?
To construct an accurate timeline of events
To streamline the process of recovery and remediation
To determine when to re-image affected systems
To enforce legal hold across the enterprise