Document what is on the screen
After a threat has been nullified, computer systems might undergo a forensic examination to gather information and determine the attack's methodology. A trade-off occurs while trying to preserve evidence while performing a forensic investigation. Any attempt to gather evidence could end up destroying the very information needed to pinpoint an assault or attacker. Documenting what is on the screen is the option that is least intrusive and least likely to obliterate important evidence. Running processes may be stopped, broken down, or stopped, which could wipe any data necessary for tracking the intrusion.
To know more about forensic investigation : https://brainly.com/question/12640045?referrer=searchResults
#SPJ4
