GIAC
GSEC · Question #91
GSEC Question #91: Real Exam Question with Answer & Explanation
Sign in or unlock GSEC to reveal the answer and full explanation for question #91. The question stem and answer options stay visible for context.
Question
The following three steps belong to the chain of custody for federal rules of evidence. What additional step is recommended between steps 2 and 3? STEP 1 - Take notes: who, what, where, when and record serial numbers of machine(s) in question. STEP 2 - Do a binary backup if data is being collected. STEP 3 - Deliver collected evidence to law enforcement officials.
Options
- ARebuild the original hard drive from scratch, and sign and seal the good backup in a plastic bag.
- BConduct a forensic analysis of all evidence collected BEFORE starting the chain of custody.
- CTake photographs of all persons who have had access to the computer.
- DCheck the backup integrity using a checksum utility like MD5, and sign and seal each piece of
Unlock GSEC to see the answer
You've previewed enough free GSEC questions. Unlock GSEC for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.