Why is the investigation of computer crime involving malicious damage especially challenging?
A.
Information stored in a computer is intangible evidence.
B.
Evidence may be destroyed in an attempt to restore the system.
C.
Isolating criminal activity in a detailed audit log is difficult.
D.
Reports resulting from common user error often obscure the actual violation.
Explanation:
The gathering, control, storage, and preservation of evidence are extremely critical in any legal
investigation. Because evidence involved in a computer crime might be intangible and subject to
easy modification without a trace, evidence must be carefully handled and controlled throughout its
entire life cycle. -Ronald Krutz The CISSP PREP Guide (gold edition) pg 432