Which of the following would be MOST appropriate for collecting and preserving evidence?

Posted by: Pdfprep Category: CISM

A. Encrypted hard drives
B. Generic audit software
C. Proven forensic processes
D. Log correlation software

Answer: C

Explanation:

When collecting evidence about a security incident, it is very important to follow appropriate forensic procedures and to handle electronic evidence by a method approved by local jurisdictions. All the other options will help when collecting or preserving data about the incident; however, that data might not be accepted as evidence in a court of law if it is not collected by a method approved by local jurisdictions.
