Cyber Security - CHFI Exam With Complete Solutions
Latest Update
The following is the first thing one should do to prepare a computer in readiness for
forensics investigation: - ANSWER Do not turn the computer on or off, run any
programs, or attempt to access data on a computer
The goal of forensic science is: - ANSWER To ascertain the evidential value of the crime
scene and evidence associated therewith
Computer forensics is: - ANSWER Science of capturing, processing and investigating
computer security incidents and making it acceptable to a court of law.
The role of the forensic investigator is to: - ANSWER Make an image backup of the
original evidence without altering potential evidence
What is the first step to be carried out in an investigation of a computer crime? -
ANSWER Obtain a search warrant
When would you conduct searches without a warrant? - ANSWER When destruction of
evidence is imminent
What is the "Best Evidence Rule"? - ANSWER The court only allows the original
evidence of a document, photograph, or recording at the trial rather than a copy
What is the law associated with fraud and related activity in connection with computers?
- ANSWER 18 USC 1030
Which of the following is a time when a checksum of the evidence would occur? -
, ANSWER While you are acquiring the data
Chain of custody The term describes - ANSWER The succession of possession and the
location of physical evidence from its recovery to its appearance in court.
Which of the following actions should NOT be taken by first responders? - ANSWER
Prosecute a suspect
When acquiring electronic evidence at scene of crime it is best not to: - ANSWER turn
the computer off
First response to an incident may not be a forensics expert. Of the people listed here
which is best capable of collecting, preserving and packaging electronic evidence? -
ANSWER Forensic staff
Forensic laboratory imaging system will have these qualities - ANSWER very low image
capture rate
When building a forensic lab, health and safety issues are most important in
consideration because? - ANSWER This is to protect the personnel
Tracking numbering on a hard disk starts at 0 and typically goes up to ___________. -
ANSWER 1023
If the partition size Is 4 GB, each cluster will be 32 K. Even If a file needs only 10 K, the
entire 32 K will be allocated, resulting In 22 K of___________. - ANSWER Slack space
If a file is 2575 bytes, what is it's size in sectors? - ANSWER 6
: Used to - ANSWER Clear the RunMRU registry key
Clearing the Recent documents list in the Start Menu and Taskbar Properties.
Latest Update
The following is the first thing one should do to prepare a computer in readiness for
forensics investigation: - ANSWER Do not turn the computer on or off, run any
programs, or attempt to access data on a computer
The goal of forensic science is: - ANSWER To ascertain the evidential value of the crime
scene and evidence associated therewith
Computer forensics is: - ANSWER Science of capturing, processing and investigating
computer security incidents and making it acceptable to a court of law.
The role of the forensic investigator is to: - ANSWER Make an image backup of the
original evidence without altering potential evidence
What is the first step to be carried out in an investigation of a computer crime? -
ANSWER Obtain a search warrant
When would you conduct searches without a warrant? - ANSWER When destruction of
evidence is imminent
What is the "Best Evidence Rule"? - ANSWER The court only allows the original
evidence of a document, photograph, or recording at the trial rather than a copy
What is the law associated with fraud and related activity in connection with computers?
- ANSWER 18 USC 1030
Which of the following is a time when a checksum of the evidence would occur? -
, ANSWER While you are acquiring the data
Chain of custody The term describes - ANSWER The succession of possession and the
location of physical evidence from its recovery to its appearance in court.
Which of the following actions should NOT be taken by first responders? - ANSWER
Prosecute a suspect
When acquiring electronic evidence at scene of crime it is best not to: - ANSWER turn
the computer off
First response to an incident may not be a forensics expert. Of the people listed here
which is best capable of collecting, preserving and packaging electronic evidence? -
ANSWER Forensic staff
Forensic laboratory imaging system will have these qualities - ANSWER very low image
capture rate
When building a forensic lab, health and safety issues are most important in
consideration because? - ANSWER This is to protect the personnel
Tracking numbering on a hard disk starts at 0 and typically goes up to ___________. -
ANSWER 1023
If the partition size Is 4 GB, each cluster will be 32 K. Even If a file needs only 10 K, the
entire 32 K will be allocated, resulting In 22 K of___________. - ANSWER Slack space
If a file is 2575 bytes, what is it's size in sectors? - ANSWER 6
: Used to - ANSWER Clear the RunMRU registry key
Clearing the Recent documents list in the Start Menu and Taskbar Properties.
