A user is suspected of engaging in potentially illegal activities. Law enforcement has requested that the user continue to operate on the network as normal. However, they would like to have a copy of any communications from the user involving certain key terms. Additionally, the law enforcement agency has requested that the user’s ongoing communication be retained in the user’s account for future investigations. Which of the following will BEST meet the goals of law enforcement?
A . Begin a chain-of-custody on for the user’s communication. Next, place a legal hold on the user’s email account.
B . Perform an e-discover using the applicable search terms. Next, back up the user’s email for a future investigation.
C . Place a legal hold on the user’s email account. Next, perform e-discovery searches to collect applicable emails.
D . Perform a back up of the user’s email account. Next, export the applicable emails that match the search terms.
Answer: C
Leave a Reply