Securing a Computer Suspected of Hosting Illegal Files

Securing a Computer Suspected of Hosting Illegal Files

Question

A user's computer is suspected of hosting illegal files.

The IT department has removed the computer and placed it in a secured, cypher-locked room, where it will remain until the local authorities arrive.

Which of the following actions should the IT department perform NEXT?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

A.

In this scenario, the IT department has already taken action by removing the user's computer and securing it in a locked room. The next step should be to follow a proper protocol for handling such incidents.

The correct answer is D: Report through proper channels.

Reporting through proper channels is a critical step in any incident response procedure. It is important to report the incident to the relevant authorities, such as law enforcement or the organization's legal team. The IT department should document the incident and provide all necessary information to the appropriate personnel.

Preserving data integrity is important, but it should be done as part of the incident response process, not necessarily as the next step. The IT department may need to collect evidence from the computer, which requires preserving the integrity of the data.

Identifying violations of acceptable use is not the most critical step in this scenario. While it is important to identify any policy violations or inappropriate behavior, this step should come after reporting the incident and collecting evidence.

Collecting evidence of illegal activity is a critical step, but it should be done after reporting the incident to the relevant authorities. The authorities may have specific procedures for collecting evidence, and it is important to follow their guidance to ensure the evidence is admissible in court.

In summary, after securing the computer, the IT department should report the incident to the relevant authorities and follow their guidance on how to proceed.