CompTIA CySA+ (CS0-001) — Question 207
An ATM in a building lobby has been compromised. A security technician has been advised that the ATM must be forensically analyzed by multiple technicians.
Which of the following items in a forensic tool kit would likely be used FIRST? (Choose two.)
Answer options
- A. Drive adapters
- B. Chain of custody form
- C. Write blockers
- D. Crime tape
- E. Hashing utilities
- F. Drive imager
Correct answer: B, C
Explanation
The Chain of custody form (B) is essential for documenting the evidence handling process, ensuring that the integrity of the evidence is maintained. Write blockers (C) are crucial for preventing any alterations to the data on the ATM's storage device during the forensic analysis. The other options, while useful in forensic investigations, do not take precedence in the initial steps of evidence collection and preservation.