Exam CISSP topic 1 question 312 discussion

Order of volatility is the first thing to consider

Agree with D.

In digital forensics, order of volatility refers to the sequence in which data should be collected based on how quickly it can change or disappear. Volatile data (e.g., RAM, running processes, network connections) must be captured first, as it may be lost when the system is powered down or altered. Establishing this order is critical to prioritizing evidence collection and preserving the integrity of the investigation.

The correct answer is D. Establish order of volatility. Explanation: When determining the priority of digital evidence collection at a crime scene, a forensic examiner should first establish the order of volatility. The order of volatility refers to the sequence in which different types of digital evidence should be collected based on how easily they might be lost or altered. By establishing the order of volatility, the forensic examiner can prioritize the collection of the most volatile evidence, such as data stored in memory or cache, before it is lost or modified. Incorrect answers: B. Assign responsibilities to personnel on the scene: Assigning responsibilities to personnel is important for maintaining the integrity of the crime scene and ensuring a thorough investigation, but it is not the first step in prioritizing digital evidence collection.

Vote D

The idea is that you gather the most volatile data first– the data that has the potential for disappearing the most is what you want to gather very first thing. The data that could be around for a longer period of time, you at least have a little bit of time that you could wait before you have to gather that data before it disappears. So this order of volatility becomes very important.