Certified Information Security Manager (CISM) — Question 1146

Which of the following is an essential practice for workstations used to conduct a forensic investigation?

Answer options

• A. A documented chain of custody log is kept for the workstations
• B. The workstations are only accessed by members of the forensics team
• C. Only forensics-related software is installed on the workstations
• D. The workstations are backed up and hardened on a regular basis

Correct answer: B

Explanation

The correct answer is B because restricting access to the workstations to only forensics team members ensures that the integrity of the investigation is maintained and prevents tampering. While options A, C, and D are important practices, they do not directly address the necessity of controlled access, which is vital for maintaining evidence integrity.