A cybersecurity analyst at a law firm needs to acquire data from a laptop that is part of an ongoing legal investigation. To maintain the integrity of the digital evidence, which of the following methods should the analyst employ first?
Modifying the file system metadata to flag as evidence
Reviewing the file access logs to verify data integrity
Creating a bit-by-bit image of the device's storage media
Filling out chain of custody forms before acquiring data