Exam CS0-003 Topic 1 Question 168 Discussion
Actual exam question for CompTIA's CS0-003 exam
Question #: 168
Topic #: 1
An auditor is reviewing an evidence log associated with a cybercrime. The auditor notices that a gap exists between individuals who were responsible for holding onto and transferring the evidence between individuals responsible for the investigation. Which of the following best describes the evidence handling process that was not properly followed?
Suggested Answer: D
Comprehensive and Detailed Explanation:
The chain of custody is a documented history that tracks how evidence is handled, collected, transported, and preserved at every stage of the forensic investigation. If a gap exists in the record of who transferred or accessed the evidence, it could call into question the integrity and admissibility of the evidence.
* Validating data integrity (Option A) refers to ensuring that the forensic image is identical to the original data, often using cryptographic hashing, but it does not address procedural gaps in documentation.
* Preservation (Option B) involves protecting the original evidence from modification or loss but does not include logging transfers of custody.
* Legal hold (Option C) refers to a requirement to preserve data for legal proceedings, which is different from tracking evidence handling.
Thus, the correct answer is D, as chain of custody directly relates to tracking who had access to the evidence and when.
by Henry at Apr 09, 2025, 07:18 AM