Which of the following would be MOST appropriate for collecting and preserving evidence?
A.
Encrypted hard drives
B.
Generic audit software
C.
Proven forensic processes
D.
Log correlation software
Explanation:
When collecting evidence about a security incident, it is very important to follow appropriate forensic procedures to handle electronic evidence by a method approved by local jurisdictions. All other options will help when collecting or preserving data about the incident; however, these data might not be accepted as evidence in a court of law if they are not collected by a method approved by local jurisdictions.