Certified Information Systems Auditor (CISA) — Question 635

Which of the following is MOST important to include in forensic data collection and preservation procedures?

Answer options

• A. Maintaining chain of custody
• B. Preserving data integrity
• C. Assuring the physical security of devices
• D. Determining tools to be used

Correct answer: A

Explanation

Maintaining chain of custody is essential because it ensures that the evidence collected is admissible in court by documenting who collected it and how it was handled. While preserving data integrity and physical security are important, without a proper chain of custody, the evidence's reliability can be questioned. Determining tools to be used is a procedural step but does not directly impact the legal validity of the collected data.