Isaca Certified Information Systems Auditor CISA Question # 227 Topic 23 Discussion
CISA Exam Topic 23 Question 227 Discussion:
Question #: 227
Topic #: 23
An organization that has suffered a cyber-attack is performing a forensic analysis of the affected users ' computers. Which of the following should be of GREATEST concern for the IS auditor reviewing this process?
A.
An imaging process was used to obtain a copy of the data from each computer.
B.
The legal department has not been engaged.
C.
The chain of custody has not been documented.
D.
Audit was only involved during extraction of the Information
The chain of custody has not been documented is a finding that should be of greatest concern for an IS auditor reviewing a forensic analysis process of an organization that has suffered a cyber attack. The chain of custody is a record of who handled, accessed, or modified the evidence during a forensic investigation. Documenting the chain of custody is essential to preserve the integrity, authenticity, and admissibility of the evidence in a court of law. The other options are less concerning findings that may not affect the validity or reliability of the forensic analysis process. References:
CISA Review Questions, Answers and Explanations Database, Question ID 220
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit