Which of the following should Jane, a security administrator, perform before a hard drive is analyzed with
Identify user habits
Disconnect system from network
Capture system image
Capturing an image of the operating system in its exploited state can be helpful in revisiting the issue after the
fact to learn more about it. Very much as helpful in same way that a virus sample is kept in laboratories to study
later after a breakout. Also, you should act in the order of volatility which states that the system image capture
is first on the list of a forensic analysis.