A. Affidavit of evidence
B. Chain of custody
C. Chain of forensics
D. Access authorization
Over 375 practice test questions in this book:
CompTIA Security+: Get Certified Get Ahead: SY0-201 Study Guide
Answer: B. A chain of custody verifies that evidence presented in court is the same evidence that was collected; a chain of custody should be established when seizing any evidence. The other documents listed won’t take the place of chain of custody documentation.
This question is related to objective :
6.3 Differentiate between and execute appropriate incident response procedures.
- Chain of custody