nerdexam
(ISC)2

CISSP · Question #1105

CISSP Question #1105: Real Exam Question with Answer & Explanation

The correct answer is B: Maintaining the chain of custody.

Submitted by carter_n · Mar 5, 2026 · Security Operations

Question

What is the MOST important criterion that needs to be adhered to during the data collection process of an active investigation?

Options

  • A. Capturing an image of the system
  • B. Maintaining the chain of custody
  • C. Complying with the organization's security policy
  • D. Outlining all actions taken during the investigation

Explanation

The most important criterion that needs to be adhered to during the data collection process of an active investigation is maintaining the chain of custody. The chain of custody is the documentation and verification of the history and handling of the evidence, from the time it is collected until the time it is presented in court. It should include information such as the date, time, location, description, identifier, collector, custodian, and recipient of the evidence, as well as any changes, modifications, or transfers of the evidence. It should also include the signatures or initials of the persons involved in handling the evidence. Maintaining the chain of custody is essential to preserve the integrity, authenticity, and admissibility of the evidence, and to prevent any tampering, alteration, or contamination of the evidence.

Capturing an image of the system, complying with the organization's security policy, and outlining all actions taken during the investigation are also important criteria during the data collection process of an active investigation, but they are not as important as maintaining the chain of custody:

  • Capturing an image of the system is a technique for creating a bit-by-bit copy of the original data source, such as a hard drive, memory, or network traffic, without altering or affecting the original data. It can help to preserve volatile or ephemeral data and to analyze the data in a safe and controlled environment.
  • Complying with the organization's security policy is a requirement to follow the rules and standards that govern the security objectives and practices of the organization. It can help to ensure the legality, ethics, and consistency of the investigation, and to avoid any conflicts of interest or violations of privacy.
  • Outlining all actions taken during the investigation is a method of documenting and reporting the activities and findings of the investigation. It can help to communicate the results and recommendations of the investigation, and to support its evidence and conclusions.

Topics

#chain of custody #forensics #incident response #evidence collection
