At what point in a computer security investigation does a "chain of evidence" need to be initiated?
When a company or contractor investigation team member collects anything as evidence.
When Law Enforcement is called into the investigation.
When a senior management official invokes "chain of evidence" on the investigation.
When anything is identified or collected as evidence in the investigation.
"Computer forensics is the equivalent of surveying a crime scene or performing an autopsy on a victim" (James Borek 2001). "Forensic Computing is the process of identifying, preserving, analysing and presenting digital evidence in a manner that is legally acceptable." (Rodney McKemmish 1999) Acquiring evidence must be accomplished in a manner both deliberate and legal. Being able to document and authenticate the chain of evidence is crucial when pursuing a court case, and this is especially true for computer forensics given the complexity of most cybersecurity cases. Therefore, when anything is identified or collected as evidence in an investigation, an official chain of custody captured by qualified personnel is required for it to be admissible.
This is garbage. If ignoring the law enforcement relationship, a proper answer should read: When required in accordance with company Policy.