Which of the following should the junior analyst have followed?

CAS-003 0 Comments

During a security event investigation, a junior analyst fails to create an image of a server’s hard drive before removing the drive and sending it to the forensics analyst. Later, the evidence from the analysis is not usable in the prosecution of the attackers due to the uncertainty of tampering.

Which of the following should the junior analyst have followed?
A . Continuity of operations
B . Chain of custody
C . Order of volatility
D . Data recovery

Answer: C

Latest CAS-003 Dumps Valid Version with 509 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download CAS-003 PDF     CAS-003 Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments