EXAM GUIDE 2024/2025 LATEST UPDATE
Question And Answers
1. Computer Forensics in Today’s World
1) Which of the following is true regarding computer forensics? (pg. 19)
i. Computer forensics deals with the process of finding evidence related to a
digital crime to find the culprits and initiate legal action against them.
2) Which of the following is not an objective of computer forensics? (pg. 19)
i. Document vulnerabilities allowing further loss of intellectual property, finances,
and reputation during an attack.
3) Forensic readiness refers to _____________. (pg. 31)
i. An organization’s ability to make optimal use of digital evidence in a limited time
period and with minimal investigation costs
4) What is not an impact of cybercrime? (28)
i. Huge financial gain
5) Which of the following is true of cybercrimes? (30)
i. Investigators, with a warrant, have the authority to forcibly seize the computing
devices.
6) Which of the following is true of civil crimes? (31)
i. The initial reporting of the evidence is generally informal
7) Which of the following is a user-created source of potential evidence? (39)
i. Address book
8) Which of the following is a computer-created source of potential evidence? (39)
i. Swap file
9) Which of the following is not where potential evidence may be located? (37-38)
i. Processor
10) Under which of the following conditions will duplicate evidence not suffice? (42)
i. When original evidence is in possession of the originator.
11) Which of the following Federal Rules of Evidence contains Rulings on Evidence? (46)
i. Rule 103
12) Which of the following Federal Rules of Evidence ensures that the truth may be
ascertained and proceedings justly determined? (46)
i. Rule 102
13) Which of the following Federal Rules of Evidence governs proceedings in the courts of
the United States? (45)
i. Rule 101
14) Which of the following Federal Rules of Evidence states that the court shall restrict the
evidence to its proper scope and instruct the jury accordingly? (47)
i. Rule 105
15) Which of the following answers refers to a set of methodological procedures and
techniques to identify, gather, preserve, extract, interpret, document, and present
evidence from computing equipment in such a manner that the discovered evidence is
acceptable during a legal and/or administrative proceeding in a court of law? (19)
i. Computer Forensics
16) Minimizing the tangible and intangible losses to the organization or an individual is
considered an essential computer forensics use. (19)
i. True
17) Cybercrimes can be classified into the following two types of attacks, based on the
line of attack. (25-26)
i. Internal and external
18) Espionage, theft of intellectual property, manipulation of records, and Trojan horse
attacks are examples of what? (26)
i. Insider attacks or primary threats
19) External attacks occur when there are inadequate information-security policies and
procedures. (26)
i. True
20) Which type of cases involve disputes between two parties? (31)
i. Civil
21) A computer forensic examiner can investigate any crime as long as he or she takes
detailed notes and follows the appropriate processes. (83)
i. False – The computer forensic examiner must not continue with the
investigation if the examination is going to be beyond his or her knowledge level
or skill level. In these circumstances, the forensic investigator must seek the
assistance of an experienced specialist investigator or undergo training in that
particular field to enhance his or her knowledge or skill set. It would be wise to
discontinue with the investigation if it is going to adversely affect the
outcome of the case.
22) _________ is the standard investigative model used by the FBI when conducting
investigations against major criminal organizations. (34)
i. Enterprise Theory of Investigation (ETI)
23) Forensic readiness includes technical and non-technical actions that maximize an
organization’s competence to use digital evidence. (64)
i. True
24) Which of the following is the process of developing a strategy to address the occurrence
of any security breach in the system or network? (70)
i. Incident Response
25) Code of ethics are the principles stated to describe the expected behavior of an
investigator while handling a case. Which of the following is not a principle that a
computer forensic investigator must follow? (83)
i. Provide personal or prejudiced opinions.
26) In forensics laws, “authenticating or identifying evidences” comes under which rule? (56)
i. Rule 901
27) What requires companies that offer financial products or services to protect customer
information against security threats? (92)
i. GLBA
28) Which of the following includes security standards for health information? (93-94)
i. HIPAA
29) What is the act passed by the U.S. Congress to protect investors from the possibility of
fraudulent accounting activities by corporations? (96-97)
i. SOX
30) What is a proprietary information security standard for organizations that handle
cardholder information for major debit, credit, prepaid, e-purse, ATM, and POS cards?
(96)
i. PCI DSS
2. Computer Forensics Investigation Process
1) What is the role of an expert witness? (196)
i. To educate the jury and court
2) Who is a legitimate issuer of a search warrant? (145)
i. A judge
3) Under which of the following circumstances has a court of law allowed investigators to
perform searches without a warrant? (147)
i. Delay in obtaining a warrant may lead to the destruction of evidence and
hamper the investigation process.