After a system has been compromised, which activity is expected if you plan to analyze the
system for a legal investigation?
A.
Keeping the system in the production environment until analysis is required
B.
Removing the system immediately from the production environment
C.
Keeping the system RAM in a separate environment
D.
Removing the hard drive
Explanation: