PrepAway - Latest Free Exam Questions & Answers

Which of the following is the MOST likely reason why th…

The incident response team has received the following email message.
From: monitor@ext-company.com
To: security@company.com
Subject: Copyright infringement
A copyright infringement alert was triggered by IP address 13.10.66.5 at 09:50:01 GMT. After reviewing the following web logs for IP 13.10.66.5, the team is unable to correlate and identify the incident.
09:45:33 13.10.66.5 http://remote.site.com/login.asp?user=john
09:50:22 13.10.66.5 http://remote.site.com/logout.asp?user=anne
10:50:01 13.10.66.5 http://remote.site.com/access.asp?file=movie.mov
11:02:45 13.10.65.5 http://remote.site.com/download.asp?movie.mov=ok
Which of the following is the MOST likely reason why the incident response team is unable to identify and correlate the incident?

A. The logs are corrupt and no longer forensically sound.
B. Traffic logs for the incident are unavailable.
C. Chain of custody was not properly maintained.
D. Incident time offsets were not accounted for.

Explanation:
It is quite common for workstation times to be off slightly from actual time, and that can happen with servers as well. Since a forensic investigation is usually
dependent on a step-by-step account of what has happened, being able to follow events in the correct time sequence is critical. Because of this, it is imperative to
record the time offset on each affected machine during the investigation. One method of assisting with this is to add an entry to a log file and note the time that this
was done and the time associated with it on the system.
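The correlation step the explanation describes, worked through on the log lines in the question as an added example (this is illustrative code written for this page, not material from the study guide): the server's timestamps are parsed, the clock offset recorded during the investigation is subtracted to put every entry on the GMT timeline of the alert, and only then are entries matched against the alert time. The offset measurement (server clock reading 14:00:00 while the reference clock read 13:00:00) is a constructed assumption, as is the 5-second matching window.

```python
from datetime import datetime, timedelta

# Constructed sample input: the web-log lines from the question, written by the
# web server in its own (possibly skewed) local clock.
WEB_LOG = """\
09:45:33 13.10.66.5 http://remote.site.com/login.asp?user=john
09:50:22 13.10.66.5 http://remote.site.com/logout.asp?user=anne
10:50:01 13.10.66.5 http://remote.site.com/access.asp?file=movie.mov
11:02:45 13.10.65.5 http://remote.site.com/download.asp?movie.mov=ok
"""

ALERT_IP = "13.10.66.5"
ALERT_TIME = datetime.strptime("09:50:01", "%H:%M:%S")  # from the alert, stated in GMT


def parse_log(text):
    """Parse 'HH:MM:SS ip url' lines into (timestamp, ip, url) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, ip, url = line.split(maxsplit=2)
        events.append((datetime.strptime(stamp, "%H:%M:%S"), ip, url))
    return events


def measure_offset(server_clock, reference_clock):
    """Offset = server clock reading minus trusted reference reading taken at the
    same instant (the 'note the time on each machine' step in the explanation)."""
    return (datetime.strptime(server_clock, "%H:%M:%S")
            - datetime.strptime(reference_clock, "%H:%M:%S"))


def normalize(events, offset):
    """Shift server-local timestamps onto the reference (GMT) timeline."""
    return [(stamp - offset, ip, url) for stamp, ip, url in events]


def correlate(events, alert_time, ip, window=timedelta(seconds=5)):
    """Return events from `ip` whose timestamp lies within `window` of the alert."""
    return [e for e in events if e[1] == ip and abs(e[0] - alert_time) <= window]


if __name__ == "__main__":
    events = parse_log(WEB_LOG)
    # Matching raw server time against the GMT alert finds nothing.
    print("raw:", correlate(events, ALERT_TIME, ALERT_IP))
    # Constructed assumption: during the investigation the server's clock read
    # 14:00:00 while the reference GMT clock read 13:00:00, so the server runs +1h.
    offset = measure_offset("14:00:00", "13:00:00")
    print("normalized:", correlate(normalize(events, offset), ALERT_TIME, ALERT_IP))
```

With the raw timestamps no entry falls near 09:50:01, which is the team's situation in the question; once the one-hour offset is removed, the 10:50:01 access.asp entry lands exactly on the alert time. Recording the offset per machine matters because each server or workstation may be skewed by a different amount.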
Incorrect Answers:
A: Corrupted logs would indicate that they had been tampered with; in this case there is no mention of the logs being corrupted, and in fact they can still be reviewed successfully.
B: The question states that the logs have been reviewed, so it is not a matter of them being unavailable.
C: The chain of custody in forensics refers to how evidence is secured, where it is stored, and who has access to it. In this case the evidence is clearly available, etc.

Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp. 453, 448
