A technician receives a high-priority ticket about sensitive information collected from an end user's workstation. Which of the following steps should a technician take to preserve the chain of custody for a forensic investigation?
Here are the steps a technician should take:
Isolate the workstation: Disconnect it from the network to prevent further data compromise.
Document the state of the workstation: Take photos or videos to record its physical state, including any external devices connected to it.
Create a forensic image: Create a bit-by-bit copy of the entire hard drive to preserve the original data.
Secure the image: Store the image in a secure location, ensuring its integrity and confidentiality.
Document the entire process: Maintain detailed records of all actions taken, including timestamps, personnel involved, and any changes made to the workstation.
By following these steps, the technician can ensure the integrity of the evidence and facilitate a thorough forensic investigation.
Google Gemini
C. Recover and secure the workstation
Preserving the chain of custody is crucial for a forensic investigation. This involves securing the workstation to prevent any unauthorized access or modifications.
upvoted 1 times
...
...
This section is not available anymore. Please use the main Exam Page.220-1102 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Nate_A
5 months, 3 weeks agoNate_A
5 months, 3 weeks ago