The correct answer is D. preserve the evidence.
While all the options are important aspects of incident response, the primary goal in preparing for a third-party forensics investigation is to preserve the digital evidence in its original state. This involves:
Imaging the infected systems: Creating exact copies of the system's hard drives to prevent accidental alteration of the original data.
Isolating the infected systems: Preventing further infection and potential data loss by disconnecting them from the network.
Preserving the evidence chain of custody: Documenting the handling of the evidence to ensure its integrity.
Cleaning the malware is generally not recommended as it can inadvertently alter the evidence and hinder the investigation.
This section is not available anymore. Please use the main Exam Page.CISM Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
mb141
4 months, 3 weeks agoravikisan
5 months, 3 weeks ago