The correct answer is D. Chain of custody process, because chain of custody ensures that evidence collected during an incident response is tracked, preserved, and legally defensible. It documents who collected the evidence, when it was collected, how it was stored, and who accessed it throughout the investigation.
According to the Quentin Docter – CompTIA A+ Complete Study Guide, chain of custody is essential when evidence may be used in disciplinary actions, audits, or legal proceedings. Any gap in documentation can render evidence inadmissible.
The Travis Everett & Andrew Hutz – All-in-One Exam Guide explains that chain of custody provides accountability and prevents claims of evidence tampering. Each transfer of evidence must be logged and verified.
The Mike Meyers / Mark Soper Lab Manual clarifies that while order of volatility determines the sequence of data collection, it does not track ownership or handling. Data integrity best practices ensure evidence is not altered, but they do not provide a record of custody.
Because the question focuses on handling and accountability, the required process is chain of custody, making D the correct answer.
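
The difference between an integrity check and a custody record can be shown with a small log verifier. This is an added example, not taken from the study guides cited above; the entry fields, names, locations and evidence bytes are constructed for illustration. It flags an unlogged hand-off even though the evidence hash still matches.

```python
import hashlib
from datetime import datetime

# Constructed sample: stand-in bytes for an acquired image, and its hash at collection.
EVIDENCE = b"constructed sample disk image bytes"
DIGEST = hashlib.sha256(EVIDENCE).hexdigest()

def entry(time, action, released_by, received_by, storage, digest=DIGEST):
    return {"time": time, "action": action, "from": released_by,
            "to": received_by, "storage": storage, "sha256": digest}

# Constructed logs; all names and locations are made up.
COMPLETE_LOG = [
    entry("2024-03-01T09:15", "collected", None, "A.Rivera", "sealed bag 0417"),
    entry("2024-03-01T10:02", "transferred", "A.Rivera", "B.Chen", "evidence locker 3"),
    entry("2024-03-04T14:30", "transferred", "B.Chen", "C.Osei", "forensics lab"),
    entry("2024-03-04T14:45", "accessed", "C.Osei", "C.Osei", "forensics lab"),
]
# Same log with the hand-off from B.Chen to C.Osei never written down.
GAPPED_LOG = COMPLETE_LOG[:2] + COMPLETE_LOG[3:]

def verify_custody(log, evidence):
    """Return a list of problems in a custody log; an empty list means no gaps."""
    if not log or log[0]["action"] != "collected":
        return ["log does not begin with a 'collected' entry"]
    problems = []
    holder, baseline = log[0]["to"], log[0]["sha256"]
    last = datetime.fromisoformat(log[0]["time"])
    for i, e in enumerate(log[1:], start=1):
        when = datetime.fromisoformat(e["time"])
        if when < last:
            problems.append(f"entry {i}: timestamp precedes the previous entry")
        if e["from"] != holder:
            problems.append(f"entry {i}: {e['from']} handled the item, "
                            f"but the holder of record is {holder}")
        if e["sha256"] != baseline:
            problems.append(f"entry {i}: recorded hash differs from collection hash")
        holder, last = e["to"], max(last, when)
    # Integrity check: necessary, but it says nothing about who handled the item.
    if hashlib.sha256(evidence).hexdigest() != baseline:
        problems.append("evidence no longer matches the hash recorded at collection")
    return problems

if __name__ == "__main__":
    print(verify_custody(COMPLETE_LOG, EVIDENCE))   # complete record
    print(verify_custody(GAPPED_LOG, EVIDENCE))     # custody gap, hash still matches
```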