A security analyst received a compromised workstation. The workstation’s hard drive may contain evidence of criminal activities. Which of the following is the FIRST thing the analyst must do to ensure the integrity of the hard drive while performing the analysis?
A. Make a copy of the hard drive.
B. Use write blockers.
C. Run rm R command to create a hash.
D. Install it on a different machine and explore the content.