Cisco
210-255 · Question #158
210-255 Question #158: Real Exam Question with Answer & Explanation
The correct answer is A: It must be preserved and its integrity verified.
Security Policies and Procedures
Question
Which statement about the collected evidence data when performing digital forensics is true?
Options
- A. It must be preserved and its integrity verified.
- B. It must be copied to external storage media and immediately distributed to the CISO.
- C. It must be stored in a forensics lab only by the data custodian.
- D. It must be deleted as soon as possible due to PCI compliance.
Explanation
A foundational principle of digital forensics is that collected evidence must be preserved in its original state and its integrity verified, typically through cryptographic hashing.
Common mistakes.
- B. Immediately distributing evidence to the CISO violates chain-of-custody procedures and introduces unnecessary risk of evidence contamination or unauthorized handling.
- C. While a forensics lab is a suitable environment, evidence handling is not restricted solely to a data custodian - authorized forensic analysts, legal teams, and law enforcement may also handle properly documented evidence.
- D. Deleting forensic evidence violates chain-of-custody requirements, legal hold obligations, and potentially obstructs investigations regardless of PCI compliance considerations.
Concept tested. Digital forensics evidence preservation and integrity
Reference. https://www.nist.gov/system/files/documents/2017/04/28/forensics-overview.pdf
Topics
#digital forensics #evidence integrity #evidence preservation #chain of custody