Security+ Answer Forensic Analysis

Here’s the Answer to the Question posted on Facebook

Q. Security personnel confiscated a user’s workstation after a security incident. Administrators removed the hard drive for forensic analysis, but left it unattended for several hours before capturing an image. What could prevent the company from taking the employee to court over this incident?

A. Witnesses were not identified.

B. A chain of custody was not maintained.

C. An order of volatility was not maintained.

D. A hard drive analysis was not complete.

Answer available until December 3, 2015.

See Chapter 11 of the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide.