What would be the BEST source?

Evidence from a compromised server has to be acquired for a forensic investigation. What would
be the BEST source?

Evidence from a compromised server has to be acquired for a forensic investigation. What would
be the BEST source?

A.
A bit-level copy of all hard drive data

B.
The last verified backup stored offsite

C.
Data from volatile memory

D.
Backup servers

Explanation:

The bit-level copy image file ensures forensic quality evidence that is admissible in a court of law.
Choices B and D may not provide forensic quality data for investigative work, while choice C alone
may not provide enough evidence.



Leave a Reply 0

Your email address will not be published. Required fields are marked *