CompTIA A+ Core 2 (220-1002) — Question 205

Following an incident, an administrator is gathering forensic evidence from a server for a human resources investigation.
Which of the following best practices is MOST important to document throughout the process to maintain integrity of the findings?

Answer options

• A. Acceptable use policy violations
• B. Server configuration
• C. Chain of custody
• D. Data loss incidents

Correct answer: C

Explanation

The chain of custody is crucial in forensic investigations as it ensures that all evidence is properly tracked and accounted for, maintaining its integrity. Without a documented chain of custody, the evidence could be deemed unreliable or inadmissible in any proceedings. The other options, while important, do not directly address the preservation of evidence integrity.