What does the term 'chain of custody' refer to in the context of log collection?

• A. The proper handling and documentation of evidence to maintain its integrity.
• B. The chain of command for incident response.
• C. The sequence of log encryption steps.
• D. The policy for storing logs in the cloud.

Answer: (A)

Maintaining the integrity of collected logs relies on proper handling and documentation across the log’s lifecycle. Chain of custody is the auditable trail that shows exactly who handled the logs, when they were collected, where they’ve been stored, and what was done to them along the way. In practice, this means following a documented collection procedure, preserving the original logs, verifying their integrity with hashes or other checks, limiting access and logging every access or transfer, and recording any copies or modifications. This ensures the logs presented as evidence are trustworthy and have not been altered since collection, which is essential for investigations, audits, or legal scenarios. Encryption and cloud storage are important for confidentiality and availability, but they address different concerns; chain of custody specifically ensures traceable, verifiable handling to maintain integrity.