CISM Question #267: Real Exam Question with Answer & Explanation
The correct answer is A: the chain of custody.
Question
When performing a computer forensics investigation, a security incident response team leader should be MOST concerned with:
Options
- A. the chain of custody.
- B. the efficiency of team members.
- C. informing the legal department.
- D. evidence analysis.
Explanation
Chain of custody is the paramount concern in computer forensics because it establishes the integrity and legal admissibility of all evidence collected. If chain of custody is broken, meaning the evidence cannot be accounted for at every step from collection to court, the evidence may be challenged and excluded, undermining any legal or disciplinary action. Evidence analysis (D) cannot happen meaningfully without first securing the evidence's integrity. Team efficiency (B) is operationally desirable but secondary to legal defensibility. Informing the legal department (C) is important but is a parallel action, not the core forensic responsibility. Chain of custody must be established before and throughout all other activities.