Which of the following would be MOST appropriate for collecting and preserving evidence?
A.
Encrypted hard drives
B.
Generic audit software
C.
Proven forensic processes
D.
Log correlation software
Explanation:
When collecting evidence about a security incident, it is very important to follow appropriate
forensic procedures to handle electronic evidence by a method approved by local jurisdictions. All
other options will help when collecting or preserving data about the incident; however these data
might not be accepted as evidence in a court of law if they are not collected by a method approved
by local jurisdictions.