which of the following should be the FIRST step?

seenagapeApril 25, 2014

When creating a forensic image of a hard drive, which of the following should be the FIRST step?

PrepAway - Latest Free Exam Questions & Answers

A.
Identify a recognized forensics software tool to create the image.

B.
Establish a chain of custody log.

C.
Connect the hard drive to a write blocker.

D.
Generate a cryptographic hash of the hard drive contents.

Explanation:
The first step in any investigation requiring the creation of a forensic image should always be to
maintain the chain of custody. Identifying a recognized forensics software tool to create the image
is one of the important steps, but it should come after several of the other options. Connecting the
hard drive to a write blocker is an important step, but it must be done after the chain of custody
has been established. Generating a cryptographic hash of the hard drive contents is another
important step, but one that comes after several of the other options.

Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions

This is ONE TIME OFFER

Enter your email address to receive your 50% off dicount code:

SPECIAL OFFER: GET 50% OFF

Use Discount Code:

ISACA Exam Questions

Free ISACA Study Guide

which of the following should be the FIRST step?

Leave a Reply Cancel reply