Last Updated on August 1, 2021 by Admin 2
According to SP 800-86, which of the following is NOT an important factor when prioritizing potential data sources if evidence?
- volatility
- time involved
- likely value
- effort required
The amount of time involved in the collection is NOT one of the three considerations covered by SP 800-86. They are (quoted directly from SP 800-86):
– Likely Value. Based on the analysts understanding of the situation and previous experience in similar situations, the analyst should be able to estimate the relative likely value of each potential data source.
– Volatility. Volatile data refers to data on a live system that is lost after a computer is powered down or due to the passage of time. Volatile data may also be lost as a result of other actions performed on the system. In many cases, acquiring volatile data should be given priority over non-volatile data. However, non-volatile may also be somewhat dynamic in nature (e.g., log files that are overwritten as new events occur).
– Amount of Effort Required. The amount of effort required to acquire different data sources may vary widely. The effort involves not only the time spent by analyst and others within the organization (including legal advisors) but also the cost of equipment and services (e.g., outside experts). For example, acquiring data from a network router would probably require much less effort than acquiring data from an ISP.