medium
Single Answer
0Jason is conducting a forensic investigation and has retrieved artifacts in addition to drives and files. What should he do to document the artifacts he has acquired?
Answer Options
A
Image them using dd and ensure that a valid MD5sum is generated.
B
Take a picture of them, label them, and add them to the chain-of-custody documentation.
C
Contact law enforcement to properly handle the artifacts.
D
Engage legal counsel to advise him how to handle artifacts in an investigation.
Correct Answer: B
Explanation
When artifacts are acquired as part of an investigation, they should be logged and documented as part of the evidence related to the investigation. Artifacts could include a piece of paper with passwords on it, tools or technology related to an exploit or attack, smartcards, or any other element of an investigation.