A security analyst has created an image of a drive from an incident. Which of the following describes what the analyst should do NEXT?
A. The analyst should create a backup of the drive and then hash the drive.
B. The analyst should begin analyzing the image and begin to report findings.
C. The analyst should create a hash of the image and compare it to the original drives hash.
D. The analyst should create a chain of custody document and notify stakeholders.