Which of the following is MOST important for an IS auditor to determine when reviewing how the organization’s incident response team handles devices that may be involved in criminal activity?
A. Whether devices are checked for malicious applications
B. Whether the access logs are checked before seizing the devices
C. Whether users have knowledge of their devices being examined
D. Whether there is a chain of custody for the devices
A. Whether devices are checked for malicious applications
B. Whether the access logs are checked before seizing the devices
C. Whether users have knowledge of their devices being examined
D. Whether there is a chain of custody for the devices