Free Preparation Discussions
MENU
Eccouncil 212-89 Exam - Topic 1 Question 96 Discussion
Topic #: 1
Logan, an incident handler, ensures the chain of custody is documented while handling backup media post-attack. The goal is to preserve evidence integrity while restoring critical systems. Which recovery principle is Logan adhering to?
The EC-Council Incident Handler (ECIH) curriculum stresses the importance of maintaining evidence integrity during recovery operations. Documenting the chain of custody ensures that evidence remains admissible in legal proceedings and maintains forensic validity.
Chain of custody documentation tracks who handled the evidence, when it was accessed, how it was stored, and what actions were performed. This aligns directly with forensic compliance principles, which require proper evidence preservation, documentation, and controlled handling procedures.
While restoring systems, responders must ensure that backup media and affected systems are handled in a way that does not compromise evidence. ECIH emphasizes that recovery should not destroy or contaminate forensic artifacts that may be required for legal, regulatory, or disciplinary action.
Option B (Network segmentation) relates to containment strategies. Option C (Immutable infrastructure) refers to architectural resilience models. Option D (Enhanced authentication) concerns access control, not evidence handling.
Therefore, Logan is adhering to forensic compliance principles during recovery.
Currently there are no comments in this discussion, be the first to comment!