A cybersecurity analyst at a law firm needs to acquire data from a laptop that is part of an ongoing legal investigation. To maintain the integrity of the digital evidence, which of the following methods should the analyst employ first?
Creating a bit-by-bit image of the device's storage media
Reviewing the file access logs to verify data integrity
Modifying the file system metadata to flag as evidence
Filling out chain of custody forms before acquiring data
|Threats, Vulnerabilities, and Mitigations
|Security Program Management and Oversight
|General Security Concepts