The correct answer is D. preserve the evidence.
While all the options are important aspects of incident response, the primary goal in preparing for a third-party forensics investigation is to preserve the digital evidence in its original state. This involves:
Imaging the infected systems: Creating exact copies of the system's hard drives to prevent accidental alteration of the original data.
Isolating the infected systems: Preventing further infection and potential data loss by disconnecting them from the network.
Preserving the evidence chain of custody: Documenting the handling of the evidence to ensure its integrity.
Cleaning the malware is generally not recommended as it can inadvertently alter the evidence and hinder the investigation.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
mb141
4 months agoravikisan
4 months, 4 weeks ago