Which of the following needs to be documented to preserve evidences for presentation in court?
Click on the arrows to vote for the correct answer
A. B. C. D.D.
The answer is D. Chain of custody.
Chain of custody refers to the chronological documentation of the seizure, custody, control, transfer, analysis, and disposition of physical or electronic evidence. In a court of law, evidence must be admissible, authentic, reliable, and credible, and the chain of custody establishes the integrity and continuity of the evidence, as well as the accountability and responsibility of the custodians.
The chain of custody must include the following information:
By documenting the chain of custody, an organization can demonstrate that the evidence was obtained legally, preserved accurately, analyzed appropriately, and presented truthfully. The chain of custody also helps to prevent tampering, contamination, loss, or destruction of the evidence, and to ensure the confidentiality, integrity, and availability of the information.
Separation of duties is a security principle that requires different individuals to perform different tasks to prevent fraud, errors, or abuses. Account lockout policy is a security measure that prevents unauthorized access to an account after multiple failed login attempts. Incident response policy is a plan that outlines the procedures and responsibilities for detecting, analyzing, containing, eradicating, and recovering from security incidents. While these policies and procedures may be useful in preserving evidence, they are not specifically designed for that purpose.