During an incident involving the company main database, a team of forensics experts is hired to respond to the breach. The team is in charge of collecting forensics evidence from the company’s database server. Which of the following is the correct order in which the forensics team should engage?
A . Notify senior management, secure the scene, capture volatile storage, capture non-volatile storage, implement chain of custody, and analyze original media.
B . Take inventory, secure the scene, capture RAM, capture had drive, implement chain of custody, document, and analyze the data.
C . Implement chain of custody, take inventory, secure the scene, capture volatile and non-volatile storage, and document the findings.
D . Secure the scene, take inventory, capture volatile storage, capture non-volatile storage, document, and implement chain of custody.
Answer: D
Leave a Reply