The given answer is correct, because the question states "When performing an investigation" - it means the investigation process has already been started, implying that you have been authorized to collect any pertinent info, therefore CoC is the right answer!
Although I agree chain-of-custody is critically important, if you are not authorized to collect the data, via banner, consent, or a search warrant, then nothing else matters because none of it will be able to be used in court.
Without proper authorization, any evidence collected could be inadmissible in court, rendering the investigation fruitless.
This includes:
Legal warrants or subpoenas: If required by jurisdiction.
Company policies and procedures: Outlining data handling and investigation protocols.
Consent from relevant parties: If necessary, obtaining permission to access data.
I think it's B.
The existence of opinions stating D is likely due to the investigation and documentation of the possibility of legal measures. If legal measures are not taken, D seems meaningless, and what are the criteria for acceptability in the courtroom in the first place?
Whatever investigation or evidence you collect, the first thing is to ensure it's admissible in court. Court admissibility encompasses Chain-of-Custody and Authorization to collect. It's basic. I will choose D. Whatever you do, ensure court admissibility first.
The question of "Authorization to collect" (Option C) versus "Chain-of-custody" (Option B) is a nuanced one. Both are critically important in a legal investigation. However, the sequence in which they matter is the distinction.
Before an analyst can even worry about maintaining a proper chain-of-custody, they first need to ensure they have the proper legal and/or organizational authority to collect the evidence in the first place. Collecting evidence without proper authorization can render the evidence inadmissible in court or potentially lead to legal consequences for the analyst or their organization.
Once the evidence is legally and properly collected, the chain-of-custody becomes paramount. It ensures that the evidence has been handled, stored, and transferred in a way that maintains its integrity and authenticity.
In essence, without proper authorization to collect, the chain-of-custody is moot because the evidence shouldn't have been collected in the first place. That's why "Authorization to collect" is the FIRST consideration in the context of the question.
The importance of chain-of-custody in investigations is defined in various legal and regulatory frameworks. For example, in the United States, the Federal Rules of Evidence and the Daubert standard require that evidence presented in court be relevant, reliable, and obtained through proper procedures. The chain-of-custody is critical in establishing the reliability and authenticity of evidence. Additionally, the International Organization for Standardization (ISO) provides guidelines for the management of digital evidence, including the importance of maintaining the chain-of-custody. Finally, in the context of the CISSP certification, the importance of chain-of-custody is discussed in the Information Security Governance and Risk Management domain.
B. Chain-of-custody. Without it the evidence is probably not admissible in court. "Authorization to collect" has nothing to do with collecting evidence, it's about picking up documents.
The question says First Consideration.
Then, I will keep option D for a later stage. Because I can later decide what is admissible and what is not.
Both options B and C make sense to me. But C seems like it should be considered first.
What if you maintain the chain-of-custody, but the evidence collected was illegal?
C comes before an investigation starts.
In this scenario the investigation was already started, so the authorization was granted.
There is no dedicated need for "data collection" within the investigation process.
C.
The first step of the Investigation Process is Gathering Evidence, which includes:
First, voluntary surrender
Second, a subpoena
Third, the plain view doctrine
Fourth, a search warrant
OSG P919