CompTIA CASP+ Practice Test

What is the best order for extracting evidence from a mobile device suspected of leaking sensitive information?

• A. Device isolation, evidence intake, documentation, reporting.
• B. Evidence intake, device identification, data processing, reporting.
• C. Documentation, presentation, device isolation, verification.
• D. Device identification, data processing, preparation, device isolation.

The correct answer is: Evidence intake, device identification, data processing, reporting.

The correct approach to extracting evidence from a mobile device suspected of leaking sensitive information emphasizes the need for a systematic and thorough procedure, which is best represented by the option that includes evidence intake, device identification, data processing, and reporting. In this order, evidence intake is crucial as it involves the initial collection and preservation of potential evidence. This step is vital to ensure that the data is not altered or destroyed during the process. Following this, device identification helps in recognizing the type of mobile device and its operating system, which is essential for selecting the right tools and methods for extraction. Data processing, the next step in this sequence, refers to the systematic extraction and analysis of the data obtained from the device. This phase is necessary to uncover relevant information and ensure its integrity before any reporting takes place. Finally, reporting summarizes the findings in a clear and organized manner, making it easier for stakeholders to understand the implications of the evidence extracted. Together, these steps create a logical flow that ensures a thorough and legally sound investigation into the suspected data leak, highlighting the importance of starting from the evidence intake through to detailed reporting.