CISA Certified Information Systems Auditor – Question2198
Identify the correct sequence that must be followed as a chain of events for evidence handling in computer forensics.
A. Identify, Analyze, Preserve and Present
B. Analyze, Identify, Preserve and Present
C. Preserve, Identify, Analyze and Present
D. Identify, Preserve, Analyze and Present
Correct Answer: D
Explanation:
There are 4 major considerations in the chain of events regarding evidence in computer forensics:
Identify - Refers to identification of information that is available and might form evidence of an accident.
Preserve - Refers to the practice of retrieving identified information and preserving it as evidence. The practice generally includes the imaging of original media in the presence of an independent third party. The process also requires being able to document chain-of-custody so that it can be established in a court of law.
Analyze - Involves extracting, processing and interpreting the evidence. Extracted data could be unintelligible binary data after it has been processed and converted into human-readable format. Interpreting the data requires an in-depth knowledge of how different pieces of evidence may fit together. The analysis should be performed using an image of the media and not the original.
Present - Involves a presentation to the various audiences such as management, attorneys, court, etc. Acceptance of evidence depends upon the manner of presentation, qualification of the presenter, and credibility of the process used to preserve and analyze the evidence.
The following were incorrect answers:
The other options presented are not valid sequences to be followed in the chain of events regarding evidence in computer forensics.
Reference:
CISA Review Manual 2014, page number 367