CHFI EC Council Test - Questions with Verified Answers

ETI investigation can be used to show that individuals commit crimes in furtherance of the criminal enterprise. What does ETI stand for?
A. Enterprise Theory of Investigation
B. Ethical Trading Initiative
C. Ethical Theory of Investigation
D. Enterprise Technical Investigation

A methodical series of techniques and procedures for gathering evidence from computing equipment and various storage devices and digital media is referred to as computer forensics. The person who is responsible for authorization of a policy or procedure for the investigation process is referred to as:
A. Expert Witness
B. Evidence Manager
C. Decision Maker
D. Incident Analyzer

It is essential to understand the laws that apply to the investigation, including the internal organization policies, before starting the investigation process. Identify Rule 901 of forensic laws:
A. Prohibits malicious mischief
B. Relevant evidence generally admissible; Irrelevant evidence inadmissible
C. Requirement of authentication or identification
D. Evidence of character and conduct of witness

Which of the following is a legal document that demonstrates the progression of evidence as it travels from original evidence location to the forensic laboratory?
A. Chain of Custody
B. Origin of Custody
C. Evidence Document
D. Evidence Examine

John is a Forensic Investigator working for Rodridge Corp. He started investigating a forensic case and has collected some evidence. Now John wants to use this evidence for further analysis. What should John do?
A. He should use the original evidence he has collected and proceed with the analysis process
B. He should not use the original evidence he has collected
C. He should send the report for further analysis
D. He should not use the evidence he has collected and use some other's evidence report

The digital evidence must have some characteristics to be disclosed in the court of law. The statement "Evidence must be related to the fact being proved" defines which characteristic?
A. Believable
B. Reliable
C. Admissible
D. Authentic

Digital evidence is circumstantial, which makes it difficult for a forensics investigator to trace the system's activity. Identify the nature of digital evidence:
A. Sturdy
B. Unbreakable
C. Strong
D. Fragile

Digital evidence is defined as "any information of probative value that is either stored or transmitted in a digital form". Which type of digital data contains system time, logged-on user(s), open files, network information, process information, process-to-port mapping, process memory, clipboard contents, service/driver information, and command history?
A. Volatile Data
B. Non-volatile Data
C. Transient Data
D. Active Data

Which type of digital data is used for secondary storage and persists long-term?
A. Non-volatile Data
B. Volatile Data
C. Transient Data
D. Temporarily Accessible Data

Which type of digital data stores a document file on a computer when it is deleted and helps in the process of retrieving the file until that file space is reused?
A. Metadata
B. Residual Data
C. Archival Data
D. Transient Data

Rules of evidence govern whether, when, how, and for what purpose proof of a case may be placed before a trier of fact for consideration. In the Federal Rules of Evidence, which rule is for Admissibility of Duplicates?
A. Rule 1002
B. Rule 1004
C. Rule 1003
D. Rule 1001

The Scientific Working Group on Digital Evidence (SWGDE) has defined standards and criteria for the Exchange of Digital Evidence. Which of these SWGDE standards and criteria states that "Procedures used must be generally accepted in the field or supported by data gathered and recorded in a scientific manner"?
A. Standards and Criteria 1.3
B. Standards and Criteria 1.1
C. Standards and Criteria 1.2
D. Standards and Criteria 1.4

Different types of electronic devices are used for collecting potential evidence to investigate a forensic case. In which of these electronic devices is evidence found through Address book, Notes, Appointment calendars, Phone numbers and Email?
A. Digital Watches
B. Global Positioning Systems (GPS)
C. Copiers
D. Scanner

Analysis is the process of interpreting the extracted data to determine their significance to the case. The result of which analysis may indicate the additional steps that need to be taken in the extraction and analysis processes?
A. Timeframe Analysis
B. Data Hiding Analysis
C. Application and File Analysis
D. Ownership and Possession Analysis

"Under no circumstances should anyone, with the exception of qualified computer forensics personnel, make any attempts to restore or recover information from a computer system or device that holds electronic information". The above statement is valid for which of the following rules:
A. First response rule
B. Second response rule
C. Evidence response rule
D. Forensic response rule

When collecting evidence, the collection should proceed from the most volatile to the least volatile. From the given list, identify which one of the following is least volatile:
A. Registers, cache
B. Archival media
C. Temporary file systems
D. Disk or other storage media

Mike is a Computer Forensic Investigator. He got a task from an organization to investigate a forensic case. When Mike reached the organization to investigate the place, he found that the computer at the crime scene was switched off. In this scenario, what do you think Mike should do?
A. He should turn on the computer
B. He should leave the computer off
C. He should turn on the computer and extract the data
D. He should turn on the computer and should start analyzing it

In Forensic Investigation, all evidence collected should be marked as exhibits using the exhibit numbering format. The format of exhibit numbering is aaa/ddmmyy/nnnn/zz. Identify what is zz in the exhibit number format:
A. Initials of the Forensic Analyst or Law Enforcement Officer seizing the equipment
B. The sequence number for parts of the same exhibit (e.g. 'A' - could be the CPU, 'B' - the Monitor, 'C' - the keyboard etc.)
C. The date of the seizure
D. Sequential number of the exhibits seized by aaa- starting with 001 and going to nnnn

A Computer Forensics Lab (CFL) is a designated location for conducting computer-based investigation on the collected evidence. Identify which one of the following is not a good consideration for the structural design of a forensic lab:
A. It must be a secure place
B. It must be constructed with heavy materials
C. It must have windows in the lab's exterior
D. It must not have any openings in the walls, ceilings, and floors

The study of equipment to meet the human requirements of comfort without affecting the efficiency is defined as:
A. Ergonomics
B. Economics
C. Erlonomics
D. Erdynamics