Why is it important for an Incident Responder to copy malicious files to the ATP file store or create an image of the infected system during the Recovery phase?
A. To have a copy of the file policy enforcement
B. To test the effectiveness of the current assigned policy settings in the Symantec Endpoint Protection Manager (SEPM)
C. To create custom IPS signatures
D. To document and preserve any pieces of evidence associated with the incident