CHFI EC COUNCIL TEST QUESTIONS AND ANSWERS
ETI investigation can be used to show that individuals commit crimes in furtherance of
the criminal enterprise. What does ETI stands for?
A. Enterprise Theory of Investigation
B. Ethical Trading Initiative
C. Ethical Theory of Investigation
D. Enterprise Technical Investigation - Answers - A
A methodical series of techniques and procedures for gathering evidence, from
computing equipment and various storage devices and digital media is referred as
computer forensics. The person who is responsible for authorization of a policy or
procedure for the investigation process is referred as:
A. Expert Witness
B. Evidence Manager
C. Decision Maker
D. Incident Analyzer - Answers - C
John is a Forensic Investigator working for Rodridge Corp. He started investigating a
forensic case and has collected some evidence. Now John wants to use this evidence
for further analysis. What should John do?
A. He should use the original evidence he has collected and proceed with the analysis
process
B. He should not use the original evidence he has collected
C. He should send the report for further analysis
D. He should not use the evidence he has collected and use some other's evidence
report - Answers - B
The digital evidence must have some characteristics to be disclosed in the court of law.
The statement "Evidence must be related to the fact being proved", defines which
characteristic?
A. Believable
B. Reliable
C. Admissible
D. Authentic - Answers - C
Digital evidence is circumstantial, which makes it difficult for a forensics investigator to
trace the system's activity. Identify the nature of digital evidence:
A. Sturdy
, B. Unbreakable
C. Strong
D. Fragile - Answers - D
It is essential to understand the laws that apply to the investigation including the internal
organization policies before starting the investigation process. Identify Rule 901 of
forensic laws:
A. Prohibits malicious mischief
B. Relevant evidence generally admissible; Irrelevant evidence inadmissible
C. Requirement of authentication or identification
D. Evidence of character and conduct of witness - Answers - C
Which of the following is a legal document that demonstrates the progression of
evidence as it travels from original evidence location to the forensic laboratory?
A. Chain of Custody
B. Origin of Custody
C. Evidence Document
D. Evidence Examine - Answers - A
Digital evidence is defined as "any information of probative value that is either stored or
transmitted in a digital form". Which type of digital data contains system time, logged-on
user(s), open files, network information, process information, process-to-port mapping,
process memory, clipboard contents, service/driver information, and command history?
A. Volatile Data
B. Non-volatile Data
C. Transient Data
D. Active Data - Answers - A
Which type of the digital data is used for the secondary storage and is long-term
persisting?
A. Non-volatile Data
B. Volatile Data
C. Transient Data
D. Temporarily Accessible Data - Answers - A
Which type of digital data stores a document file on a computer when it is deleted and
helps in the process of retrieving the file until that file space is reused?
A. Metadata
B. Residual Data
C. Archival Data
ETI investigation can be used to show that individuals commit crimes in furtherance of
the criminal enterprise. What does ETI stands for?
A. Enterprise Theory of Investigation
B. Ethical Trading Initiative
C. Ethical Theory of Investigation
D. Enterprise Technical Investigation - Answers - A
A methodical series of techniques and procedures for gathering evidence, from
computing equipment and various storage devices and digital media is referred as
computer forensics. The person who is responsible for authorization of a policy or
procedure for the investigation process is referred as:
A. Expert Witness
B. Evidence Manager
C. Decision Maker
D. Incident Analyzer - Answers - C
John is a Forensic Investigator working for Rodridge Corp. He started investigating a
forensic case and has collected some evidence. Now John wants to use this evidence
for further analysis. What should John do?
A. He should use the original evidence he has collected and proceed with the analysis
process
B. He should not use the original evidence he has collected
C. He should send the report for further analysis
D. He should not use the evidence he has collected and use some other's evidence
report - Answers - B
The digital evidence must have some characteristics to be disclosed in the court of law.
The statement "Evidence must be related to the fact being proved", defines which
characteristic?
A. Believable
B. Reliable
C. Admissible
D. Authentic - Answers - C
Digital evidence is circumstantial, which makes it difficult for a forensics investigator to
trace the system's activity. Identify the nature of digital evidence:
A. Sturdy
, B. Unbreakable
C. Strong
D. Fragile - Answers - D
It is essential to understand the laws that apply to the investigation including the internal
organization policies before starting the investigation process. Identify Rule 901 of
forensic laws:
A. Prohibits malicious mischief
B. Relevant evidence generally admissible; Irrelevant evidence inadmissible
C. Requirement of authentication or identification
D. Evidence of character and conduct of witness - Answers - C
Which of the following is a legal document that demonstrates the progression of
evidence as it travels from original evidence location to the forensic laboratory?
A. Chain of Custody
B. Origin of Custody
C. Evidence Document
D. Evidence Examine - Answers - A
Digital evidence is defined as "any information of probative value that is either stored or
transmitted in a digital form". Which type of digital data contains system time, logged-on
user(s), open files, network information, process information, process-to-port mapping,
process memory, clipboard contents, service/driver information, and command history?
A. Volatile Data
B. Non-volatile Data
C. Transient Data
D. Active Data - Answers - A
Which type of the digital data is used for the secondary storage and is long-term
persisting?
A. Non-volatile Data
B. Volatile Data
C. Transient Data
D. Temporarily Accessible Data - Answers - A
Which type of digital data stores a document file on a computer when it is deleted and
helps in the process of retrieving the file until that file space is reused?
A. Metadata
B. Residual Data
C. Archival Data
