Certified Incident Handler (ECIH v3) — Question 69

Organizations or incident response teams need to protect the evidence for any future legal actions that may be taken against perpetrators that intentionally attacked the computer system. EVIDENCE PROTECTION is also required to meet legal compliance issues. Which of the following documents helps in protecting evidence from physical or logical damage:

Answer options

• A. Network and host log records
• B. Chain-of-Custody
• C. Forensic analysis report
• D. Chain-of-Precedence

Correct answer: B

Explanation

The Chain-of-Custody document is vital because it ensures that evidence is properly documented and preserved, preventing tampering or loss. While network logs, forensic reports, and precedence documents may provide valuable information, they do not specifically address the protection and integrity of evidence like the Chain-of-Custody does.