CISM Certified Information Security Manager – Question 1367

Evidence from a compromised server has to be acquired for a forensic investigation. What would be the BEST source?

A. A bit-level copy of all hard drive data
B. The last verified backup stored offsite
C. Data from volatile memory
D. Backup servers

Correct Answer: A

Explanation:
The bit-level copy image file ensures forensic-quality evidence that is admissible in a court of law. Choices B and D may not provide forensic-quality data for investigative work, while choice C alone may not provide enough evidence.