CISM Certified Information Security Manager – Question 1407

Which of the following would be MOST appropriate for collecting and preserving evidence?

A. Encrypted hard drives
B. Generic audit software
C. Proven forensic processes
D. Log correlation software

Correct Answer: C

Explanation:

When collecting evidence about a security incident, it is very important to follow appropriate forensic procedures to handle electronic evidence by a method approved by local jurisdictions. All other options will help when collecting or preserving data about the incident; however, these data might not be accepted as evidence in a court of law if they are not collected by a method approved by local jurisdictions.