During an incident response, a security analyst identified a suspicious file on a workstation that may be related to a malware infection. The analyst needs to collect the file as evidence for further analysis. Which of the following is the analyst's critical step to preserve the digital evidence?

A. The analyst must maintain chain of custody.
B. The analyst must copy evidence to a USB drive.
C. The analyst must shut down the system.
D. The analyst must log off the user account.

Question

22-05-2024
Computers and Technology

Answered

During an incident response, a security analyst identified a suspicious file on a workstation that may be related to a malware infection. The analyst needs to collect the file as evidence for further analysis. Which of the following is the analyst's critical step to preserve the digital evidence?

A. The analyst must maintain chain of custody.
B. The analyst must copy evidence to a USB drive.
C. The analyst must shut down the system.
D. The analyst must log off the user account.

Answer :

Other Questions

The new lockers are much better than the old ones. Those were much too small and were dented. How do I clarify the vague pronoun?

what were the causes, course and consequences of the united states involvement in ww1

What is Kennedy's main point in this sentence? We dare not forget today that we are the heirs of that first revolution.

Which of the quadratic functions has the narrowest graph? A) Y=2x^2 B) Y= (1/6)x^2 C) Y= -x^2 D) Y=(1/8)x^2

what were the causes, course and consequences of the united states involvement in ww1

Which European country does not include territory that was once part of the Roman Empire? A. Ireland B. Greece C. Germany D. Spain

do you agree with president carter that human rights concerns should steer U.S. foreign policy?why or why not?

Is it true that the lighter the object, the less air resistance?

What are the first five terms of the pattern with the formula 21n? The first five terms are , , , , and .

Which ruler was defeated at the battle of Salamis? A. Leonidas of Sparta B. Philip of Macedonia C. Pericles of Athens D. Xerxes of Persia

omotoyinbotoniloba omotoyinbotoniloba · Answer 1 · 2024-05-22T04:03:58-04:00

The critical step for the security analyst to preserve the digital evidence is to maintain the chain of custody. This means ensuring that there is a documented record of who has had access to the evidence, when it was accessed, and any changes made to it. This helps maintain the integrity and admissibility of the evidence in legal proceedings, if necessary. Simply copying the evidence to a USB drive may not be sufficient to maintain the chain of custody, as it does not provide a clear record of who has accessed the evidence. Shutting down the system or logging off the user account may also disrupt or alter the evidence. Therefore, the correct answer is A. The analyst must maintain chain of custody.