Sep 30 • 🙋♂️ CISSP
CISSP Practice Question – Investigations & Forensics
During an internal investigation of suspected data theft, the incident response team collects a laptop from an employee’s desk. To preserve admissibility of evidence, which of the following is the MOST important step to take FIRST?
A. Create a forensic image of the laptop using a write blocker.
B. Power down the laptop to prevent further tampering.
C. Document the time, date, and individuals involved in seizing the device.
D. Secure the laptop in a locked evidence cabinet.
3
16 comments
CISSP Practice Question – Investigations & Forensics
skool.com/cybersecurity-study-group
Share resources, get advice, and connect with peers studying cybersecurity. Join our CISSP study group and connect with fellow professionals today!
Leaderboard (30-day)
1
+45
2
+30
3
+30
4
+26
5
+15
Powered by