Evidence from a compromised server has to be acquired for a forensic investigation. What would
be the BEST source?
A.
A bit-level copy of all hard drive data
B.
The last verified backup stored offsite
C.
Data from volatile memory
D.
Backup servers
Explanation:
The bit-level copy image file ensures forensic quality evidence that is admissible in a court of law.
Choices B and D may not provide forensic quality data for investigative work, while choice C alone
may not provide enough evidence.