Which of the following scenarios would enable a forensic investigation?
A. The suspected computer was rebooted, and the evidence log file was converted to a readable format for further analysis.
B. The incident response team prepared a final report for the forensic investigator and deleted the original file securely to avoid further damage.
C. The media in question was preserved using imaging, and chain of custody was documented according to the organization’s incident response plan.
D. Incident response team members extracted the logs showing the suspicious activity and added their notes before submitting for investigation.
A. The suspected computer was rebooted, and the evidence log file was converted to a readable format for further analysis.
B. The incident response team prepared a final report for the forensic investigator and deleted the original file securely to avoid further damage.
C. The media in question was preserved using imaging, and chain of custody was documented according to the organization’s incident response plan.
D. Incident response team members extracted the logs showing the suspicious activity and added their notes before submitting for investigation.