In which phase of the NIST incident response life cycle is evidence gathered that can assist subsequent investigations by authorities?
- preparation
- detection and analysis
- containment, eradication, and recovery
- postincident activities
| Answers Explanation & Hints:
NIST defines four phases in the incident response process life cycle. It is in the containment, eradication, and recovery phase that evidence is gathered to resolve an incident and to help with subsequent investigations. |