CompTIA Network+ (N10-006) — Question 81

Which of the following should a first responder perform when arriving at a site to perform a basic forensic investigation?

Answer options

• A. Isolate the area and block radio transmissions to the device.
• B. Search for hidden storage devices and duplicate them on site.
• C. Power off all computers and devices to stop them from erasing data.
• D. Utilize a strong magnet to secure all data on drives from being erased.

Correct answer: B

Explanation

The correct answer is B because during a forensic investigation, it is crucial to identify and duplicate any hidden storage devices immediately to preserve evidence. Options A, C, and D could disrupt or damage the potential evidence, as isolating the area and blocking transmissions may not be necessary and powering off devices could lead to data loss.