CompTIA Security+ (SY0-601) — Question 273
An incident response technician collected a mobile device during an investigation. Which of the following should the technician do to maintain chain of custody?
Answer options
- A. Document the collection and require a sign-off when possession changes.
- B. Lock the device in a safe or other secure location to prevent theft or alteration.
- C. Place the device in a Faraday cage to prevent corruption of the data.
- D. Record the collection in a blockchain-protected public ledger.
Correct answer: A
Explanation
The correct answer is A. Documenting the collection and requiring a sign-off whenever possession changes creates a clear record of who has handled the device, which is essential for maintaining the integrity of the evidence. Options B, C, and D provide security and protection, but they do not specifically address the need for a documented transfer of custody, which is crucial in legal contexts.