CompTIA Security+ (SY0-501) — Question 164
A security analyst captures forensic evidence from a potentially compromised system for further investigation. The evidence is documented and securely stored to FIRST:
Answer options
- A. maintain the chain of custody.
- B. preserve the data.
- C. obtain a legal hold.
- D. recover data at a later time.
Correct answer: B
Explanation
The primary goal of documenting and securely storing the evidence is to preserve the data, ensuring that it remains intact and unaltered for analysis. While maintaining the chain of custody (A) and obtaining a legal hold (C) are also important processes, they are secondary to the immediate need to preserve the integrity of the data. Recovering data at a later time (D) is not relevant to the initial step of securing forensic evidence.