During an incident response, a security analyst has identified a server that may have been compromised. The analyst decides to take an image of the server's hard drive for further analysis. Which of the following is the MOST critical step to ensure the integrity of the investigation?
Document the process and the individuals involved in handling the server.
Physically secure the server to prevent further access.
Generate a digital hash of the server's hard drive image.
Limit access to the server by updating access control lists.