You are a cybersecurity analyst who has just collected a hard drive as evidence for a suspected data breach. What is the most important next step to ensure that the chain of custody is intact?
Labeling the hard drive with the date and time of collection
Securing the hard drive in tamper-evident packaging
Properly documenting and maintaining the chain of custody involves ensuring that the evidence is tracked and handled correctly from the moment it is collected. This includes noting who collected it, when, where, and how it was collected. Securing the evidence in tamper-evident packaging is a critical next step, as it prevents any unauthorized access that could compromise the integrity of the evidence. While labeling and transferring are also important, they should follow the initial securing of the evidence.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.