During an investigation, logs from multiple devices were collected to analyze suspicious activity. The team wants to create a reliable sequence of events and preserve the data for future review. Which action is most effective for building a chain-of-events record and maintaining proof of integrity?
Exclude sources that have time discrepancies to streamline the final data set before analysis
Consolidate all records in a central data store with checksums for each log, aligning timestamps from a reliable clock
Upload all findings to a public threat feed for external feedback and correlation
Gather event details in a basic worksheet, adjusting times by hand and storing it on a local system
Combining all logs in one secure central location and verifying each entry with hashing helps investigators confirm integrity. Time source alignment is necessary to prevent confusion from mismatched clock settings. Storing everything locally in a spreadsheet can lead to errors and make it less defensible. Rejecting logs that don't match is risky, as it might remove valuable evidence. Publicly releasing data raises concerns about protecting sensitive info and complicates the integrity of the material.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is it important to align timestamps from a reliable clock when consolidating logs?
Open an interactive chat with Bash
What role do checksums or hashing play in maintaining log integrity?
Open an interactive chat with Bash
Why is it risky to exclude logs with time discrepancies during an investigation?