PrepAway - Latest Free Exam Questions & Answers

Which of the following is a problem that the incident response team will likely encounter during their assessm

A recent intrusion has resulted in the need to perform incident response procedures. The incident
response team has identified audit logs throughout the network and organizational systems which
hold details of the security breach. Prior to this incident, a security consultant informed the
company that they needed to implement an NTP server on the network. Which of the following is a
problem that the incident response team will likely encounter during their assessment?

A. Chain of custody

B. Tracking man hours

C. Record time offset

D. Capture video traffic

Explanation:
It is quite common for workstation as well as server times to be off slightly from actual time. Since
a forensic investigation is usually dependent on a step-by-step account of what has happened,
being able to follow events in the correct time sequence is critical. Because of this, it is imperative
to record the time offset on each affected machine during the investigation. One method of
assisting with this is to add an entry to a log file and note the time that this was done and the time
associated with it on the system. There is no mention that this was done by the incident response
team.
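
The procedure described in the explanation, as an added example that is not part of the original page: a marker entry is written on each host, the reference time is noted beside the time the system stamped on it, and the resulting offsets are used to put events from different hosts into one corrected sequence. Host names, timestamps and messages are constructed sample data, and the function names are hypothetical.

```python
from datetime import datetime, timedelta

# Constructed sample: per-host marker entry. "system" is the time the host
# stamped on the marker, "reference" is the trusted time the investigator noted.
MARKERS = {
    "web01": {"system": "2024-03-01T10:00:00+00:00", "reference": "2024-03-01T10:02:30+00:00"},
    "db01": {"system": "2024-03-01T10:05:00+00:00", "reference": "2024-03-01T10:04:10+00:00"},
}

# Constructed sample events: (host, timestamp as logged by that host, message).
# fw01 has no marker entry, so its offset was never recorded.
EVENTS = [
    ("web01", "2024-03-01T09:28:00+00:00", "admin login from unfamiliar address"),
    ("web01", "2024-03-01T09:29:10+00:00", "new connection opened to db01"),
    ("fw01", "2024-03-01T09:30:00+00:00", "outbound transfer begins"),
    ("db01", "2024-03-01T09:31:00+00:00", "bulk SELECT on customers table"),
]


def host_offsets(markers):
    """Return, per host, the amount to add to its timestamps to get reference time."""
    return {
        host: datetime.fromisoformat(m["reference"]) - datetime.fromisoformat(m["system"])
        for host, m in markers.items()
    }


def build_timeline(events, offsets):
    """Sort events by corrected time; the last field is False when no offset was recorded."""
    timeline = []
    for host, stamp, message in events:
        known = host in offsets
        # Without a recorded offset the logged time is used unchanged and flagged.
        corrected = datetime.fromisoformat(stamp) + offsets.get(host, timedelta(0))
        timeline.append((corrected, host, message, known))
    return sorted(timeline, key=lambda entry: entry[0])


if __name__ == "__main__":
    for when, host, message, known in build_timeline(EVENTS, host_offsets(MARKERS)):
        note = "" if known else "  [offset not recorded]"
        print(f"{when.isoformat()}  {host:6} {message}{note}")
```

In this sample the raw logs place the database query last, while the corrected timeline places it before the web login, which is the kind of reordering an unrecorded offset hides.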

