CHFI EXAM WITH COMPLETE SOLUTIONS LATEST UPDATE
A software company suspects that some employees have created automatic forwarding
of corporate e-mails to their personal mailboxes, an action prohibited by the company
policy. The company hires forensic investigators to find out who violates the policy in
order to send warnings to these employees. What kind of cybercrime investigation
approach is this company taking? - ANSWER Administrative
Which theory or law is a crime in relation to any criminal activity treated as a whole, a
criminal enterprise? - ANSWER Enterprise Theory of Investigation
Prior to the seizure of any computing device that is related to a criminal case, what does
a forensic investigator need to obtain first? - ANSWER Court warrant
Which activity should be utilized to validate or confirm whether an application has or has
never been installed on a computer? - ANSWER Log review
What would be the characteristic of an organization's forensic readiness about
cybercrimes? - ANSWER It includes cost considerations.
A cybercrime investigator finds a USB memory stick with e-mails as one of the key
pieces of evidence. Upon placing the USB stick in evidence, who should sign the chain
of custody document? - ANSWER Those who gain access to the device
What is the type of DoS technique that sends a great volume of data to overwhelm
system resources? - ANSWER Mail bombing
What is the step in computer crime forensics in which an investigator duplicates and
images the digital information they have collected? - ANSWER Acquiring data
What is the final step of any criminal investigation involving a computer forensic
, investigator? - ANSWER Testifying in court
How could a forensic investigator show an Android based mobile device is on without
turning the device on and perhaps changing the original evidence in some way or
communicating with the operating system in any fashion? - ANSWER Blinking lights
If a Faraday bag is not available, what should a forensic investigator use to protect a
mobile device? - ANSWER Aluminum foil
Which of the following is the test for determining whether a technology utilized by
government to acquire information in a computer search is considered novel and a
search warrant is required? -ANSWER Being available to the general public
In which of the following situations may a law enforcement officer seize a hard drive
from a residence without first obtaining a search warrant? -ANSWER The evidence is in
imminent danger.
What investigative legal document is a summary of findings, which are used in
prosecutions? - ANSWER Investigation report
What type of bag would an investigator use to prevent any signal from reaching a mobile
phone? - ANSWER Faraday bag
A forensic investigator is called to the witness stand as a technical witness in a case of
internet fraud involving payment. From the investigator's perspective, what would the
ethical action be when testifying? - ANSWER Presenting and explaining the facts from
the investigation
A court case has resulted from a virus within a system. What does the government agent
need to have followed in order to have conducted search and seizure? - ANSWER Fourth
Amendment
What type of approach does an investigator take when he has the plaintext and an image
A software company suspects that some employees have created automatic forwarding
of corporate e-mails to their personal mailboxes, an action prohibited by the company
policy. The company hires forensic investigators to find out who violates the policy in
order to send warnings to these employees. What kind of cybercrime investigation
approach is this company taking? - ANSWER Administrative
Which theory or law is a crime in relation to any criminal activity treated as a whole, a
criminal enterprise? - ANSWER Enterprise Theory of Investigation
Prior to the seizure of any computing device that is related to a criminal case, what does
a forensic investigator need to obtain first? - ANSWER Court warrant
Which activity should be utilized to validate or confirm whether an application has or has
never been installed on a computer? - ANSWER Log review
What would be the characteristic of an organization's forensic readiness about
cybercrimes? - ANSWER It includes cost considerations.
A cybercrime investigator finds a USB memory stick with e-mails as one of the key
pieces of evidence. Upon placing the USB stick in evidence, who should sign the chain
of custody document? - ANSWER Those who gain access to the device
What is the type of DoS technique that sends a great volume of data to overwhelm
system resources? - ANSWER Mail bombing
What is the step in computer crime forensics in which an investigator duplicates and
images the digital information they have collected? - ANSWER Acquiring data
What is the final step of any criminal investigation involving a computer forensic
, investigator? - ANSWER Testifying in court
How could a forensic investigator show an Android based mobile device is on without
turning the device on and perhaps changing the original evidence in some way or
communicating with the operating system in any fashion? - ANSWER Blinking lights
If a Faraday bag is not available, what should a forensic investigator use to protect a
mobile device? - ANSWER Aluminum foil
Which of the following is the test for determining whether a technology utilized by
government to acquire information in a computer search is considered novel and a
search warrant is required? -ANSWER Being available to the general public
In which of the following situations may a law enforcement officer seize a hard drive
from a residence without first obtaining a search warrant? -ANSWER The evidence is in
imminent danger.
What investigative legal document is a summary of findings, which are used in
prosecutions? - ANSWER Investigation report
What type of bag would an investigator use to prevent any signal from reaching a mobile
phone? - ANSWER Faraday bag
A forensic investigator is called to the witness stand as a technical witness in a case of
internet fraud involving payment. From the investigator's perspective, what would the
ethical action be when testifying? - ANSWER Presenting and explaining the facts from
the investigation
A court case has resulted from a virus within a system. What does the government agent
need to have followed in order to have conducted search and seizure? - ANSWER Fourth
Amendment
What type of approach does an investigator take when he has the plaintext and an image
