Certified Information Systems Auditor (CISA) — Question 492
An organization that has suffered a cyberattack is performing a forensic analysis of the affected users' computers. Which of the following should be of GREATEST concern for the IS auditor reviewing this process?
Answer options
- A. The chain of custody has not been documented.
- B. An imaging process was used to obtain a copy of the data from each computer.
- C. Audit was only involved during extraction of the information.
- D. The legal department has not been engaged.
Correct answer: A
Explanation
The chain of custody is crucial in forensic analysis because it ensures the integrity and authenticity of the evidence collected. Without a documented chain of custody, the findings could be challenged in court, undermining the investigation. The other options, while relevant, do not affect the legal admissibility of the evidence as significantly as the chain of custody does.