Why is the investigation of computer crime involving malicious damage especially challenging?
A.
Information stored in a computer is intangible evidence.
B.
Evidence may be destroyed in an attempt to restore the system.
C.
Isolating criminal activity in a detailed audit log is difficult.
D.
Reports resulting from common user error often obscure the actual violation.
Explanation:
The gathering, control, storage, and preservation of evidence are extremely critical
in any legal investigation. Because evidence involved in a computer crime might be intangible and
subject to easy modification without a trace, evidence must be carefully handled and controlled
throughout its entire life cycle. -Ronald Krutz The CISSP PREP Guide (gold edition) pg 432
check
0
0
The answer chosen has no relevance to the explanation. Everything that Mr Krutz has said refers to the work of the investigators. They would not be the one’s working with the system restore. That would be the system IT staff and if they have already destroyed the evidence coz of their incompetence then there is no ‘challenge’ left for the investigators. Actually their work has gotten easier..
0
0