CS0-003 · Question #638
CS0-003 Question #638: Real Exam Question with Answer & Explanation
The correct answer is B: Chain of custody failure.
Question
An incident responder is investigating a possible server data exfiltration incident with the intent to prosecute if necessary. The responder:
- Captures live memory and an image of the drives.
- Is given a copy of the firewall logs.
- Pulls the drives from the server.

Which of the following would most likely create an issue?
Options
- A. Lack of network capture
- B. Chain of custody failure
- C. Corrupt drives
- D. Encrypted files
Explanation
For evidence to be admissible in a legal prosecution, strict chain of custody must be maintained when handling drives, logs, and memory captures. Pulling drives or handling evidence without documented, continuous custody introduces doubt about integrity, which is the most likely issue.