You are assisting in the investigation of a possible Web Server Hack. The company who called you stated that
customers reported to them that whenever they entered the web address of the company in their browser, what
they received was a porno graphic web site. The company checked the web server and nothing appears
wrong. When you type in the IP address of the web site in your browser everything appears normal. What is
the name of the attack that affects the DNS cache of the name resolution servers, resulting in those servers
directing users to the wrong web site?

In conducting a computer abuse investigation you become aware that the suspect of the investigation is using
ABC Company as his Internet Service Provider (ISP). You contact ISP and request that they provide you
assistance with your investigation. What assistance can the ISP provide?

As a CHFI professional, which of the following is the most important to your professional reputation?

You are conducting an investigation of fraudulent claims in an insurance company that involves complex text
searches through large numbers of documents. Which of the following tools would allow you to quickly and
efficiently search for a string within a file on the bitmap image of the target computer?

When cataloging digital evidence, the primary goal is to

The police believe that Melvin Matthew has been obtaining unauthorized access to computers belonging to
numerous computer software and computer operating systems manufacturers, cellular telephone
manufacturers, Internet Service Providers and Educational Institutions. They also suspect that he has been
stealing, copying and misappropriating proprietary computer software belonging to the several victim
companies. What is preventing the police from breaking down the suspects door and searching his home and
seizing all of his computer equipment if they have not yet obtained a warrant?

A law enforcement officer may only search for and seize criminal evidence with _______________________,
which are facts or circumstances that would lead a reasonable person to believe a crime has been committed
or is about to be committed, evidence of the specific crime exists and the evidence of the specific crime exists
at the place to be searched.

You are working as a Computer forensics investigator for a corporation on a computer abuse case. You
discover evidence that shows the subject of your investigation is also embezzling money from the company.
The company CEO and the corporate legal counsel advise you to contact law enforcement and provide them
with the evidence that you have found. The law enforcement officer that responds requests that you put a
network sniffer on your network and monitor all traffic to the subject’s computer. You inform the officer that you
will not be able to comply with that request because doing so would:

You have been asked to investigate after a user has reported a threatening e-mail they have received from an
external source. Which of the following are you most interested in when trying to trace the source of the
message?

You have completed a forensic investigation case. You would like to destroy the data contained in various
disks at the forensics lab due to sensitivity of the case. How would you permanently erase the data on the hard
disk?