Which of the following digital forensics activities would a security team perform when responding to legal requests in a pending investigation?

User provisioning is the process of setting up user accounts and granting access permissions to systems and resources. While important for managing user access within an organization, it is not directly related to digital forensics activities in response to legal requests during an investigation.

Exporting firewall logs involves retrieving and saving records of network traffic and security events logged by the firewall. While firewall logs can be valuable for investigating security incidents, exporting them is typically not a primary digital forensics activity specifically carried out to respond to legal requests in a pending investigation.

Root cause analysis is a methodical process used to identify the underlying cause of an issue or incident. While it is crucial for understanding and addressing security incidents, it is not a typical digital forensics activity specifically performed in response to legal requests during an investigation.