An organization that has suffered a cyber attack is performing a forensic analysis of the affected users’ computers. Which of the following should be of GREATEST concern for the IS auditor reviewing this process?
A. The chain of custody has not been documented.
B. The legal department has not been engaged.
C. An imagining process was used to obtain a copy of the data from each computer.
D. Audit was only involved during extraction of the information.
A. The chain of custody has not been documented.
B. The legal department has not been engaged.
C. An imagining process was used to obtain a copy of the data from each computer.
D. Audit was only involved during extraction of the information.