Crucial Technologies is conducting post-incident forensics after a possible compromise of a system. Before the system gets to its destination it will pass through numerous employees in the IT department. What document needs to be updated with the system as it makes its way to the proper section?
The answer is chain of custody. Chain of custody is the process of documenting each person that has possession of an object at all times. The chain of custody must be updated with each person that handles the system with the time/date possession began and ended.. This is required to maintain the integrity of the forensics process.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is chain of custody in forensics?
Open an interactive chat with Bash
Why is maintaining the chain of custody important?
Open an interactive chat with Bash
What can happen if the chain of custody is not followed?