During an incident response, a security analyst has identified a server that may have been compromised. The analyst decides to take an image of the server's hard drive for further analysis. Which of the following is the MOST critical step to ensure the integrity of the investigation?
Limit access to the server by updating access control lists.
Generate a digital hash of the server's hard drive image.
Physically secure the server to prevent further access.
Document the process and the individuals involved in handling the server.