CompTIA CySA+ (CS0-003) — Question 263

An auditor is reviewing an evidence log associated with a cyber crime. The auditor notices that a gap exists between individuals who were responsible for holding onto and transferring the evidence between individuals responsible for the investigation. Which of the following best describes the evidence handling process that was not property followed?

Answer options

• A. Validating data integrity
• B. Preservation
• C. Legal hold
• D. Chain of custody

Correct answer: D

Explanation

The correct answer is D, Chain of custody, as it refers to the process of maintaining and documenting the handling of evidence to ensure its integrity. The other options, while important in their own rights, do not specifically address the procedural steps involved in tracking evidence between handlers.