A desktop computer that was involved in a computer security incident should be secured as evidence by:

A desktop computer that was involved in a computer security incident should be secured as
evidence by:

A desktop computer that was involved in a computer security incident should be secured as
evidence by:

A.
disconnecting the computer from all power sources.

B.
disabling all local user accounts except for one administrator.

C.
encrypting local files and uploading exact copies to a secure server.

D.
copying all files using the operating system (OS) to write-once media.

Explanation:

To preserve the integrity of the desktop computer as an item of evidence, it should be immediately
disconnected from all sources of power. Any attempt to access the information on the computer by
copying, uploading or accessing it remotely changes the operating system (OS) and temporary
files on the computer and invalidates it as admissible evidence.



Leave a Reply 0

Your email address will not be published. Required fields are marked *