CompTIA Cloud+ CV0-003 Practice Question
During an incident response, a forensics team has retrieved vital data logs that may indicate the nature of a security breach. Which of the following options represents the BEST practice to maintain the integrity of these data logs as legal evidence?
Rely on automated timestamps logged by the system to record when the data logs have been accessed or modified.
Utilize the existing access control systems to ensure only authorized personnel can access the stored data logs without documenting individual access instances.
Document every individual who has handled the evidence, including detailed timestamps and the purpose of each contact, from the moment of retrieval to the final storage of the logs.
Log the time of retrieval and storage of the data logs without recording which individuals had access to the evidence.