In conducting a computer abuse investigation you become aware that the suspect of the investigation is using A
In conducting a computer abuse investigation you become aware that the suspect of the investigation is using ABC Company as his Internet Service Provider (ISP). You contact ISP and request that they provide you assistance with your investigation. What assistance can the ISP provide? A. The ISP can investigate anyone using their service and can […]
As a CHFI professional, which of the following is the most important to your professional reputation?
As a CHFI professional, which of the following is the most important to your professional reputation? A. Your Certifications B. The correct, successful management of each and every case C. The free that you charge D. The friendship of local law enforcement officers
You are conducting an investigation of fraudulent claims in an insurance company that involves complex text se
You are conducting an investigation of fraudulent claims in an insurance company that involves complex text searches through large numbers of documents. Which of the following tools would allow you to quickly and efficiently search for a string within a file on the bitmap image of the target computer? A. Stringsearch B. grep C. dir […]
When cataloging digital evidence, the primary goal is to
When cataloging digital evidence, the primary goal is to A. Make bit-stream images of all hard drives B. Preserve evidence integrity C. Not remove the evidence from the scene D. Not allow the computer to be turned off
The police believe that Melvin Matthew has been obtaining unauthorized access to computers belonging to numero
The police believe that Melvin Matthew has been obtaining unauthorized access to computers belonging to numerous computer software and computer operating systems manufacturers, cellular telephone manufacturers, Internet Service Providers and Educational Institutions. They also suspect that he has been stealing, copying and misappropriating proprietary computer software belonging to the several victim companies. What is preventing […]
You are working as a Computer forensics investigator for a corporation on a computer abuse case.
You are working as a Computer forensics investigator for a corporation on a computer abuse case. You discover evidence that shows the subject of your investigation is also embezzling money from the company. The company CEO and the corporate legal counsel advise you to contact law enforcement and provide them with the evidence that you […]
You have been asked to investigate after a user has reported a threatening e-mail they have received from an e
You have been asked to investigate after a user has reported a threatening e-mail they have received from an external source. Which of the following are you most interested in when trying to trace the source of the message? A. The X509 Address B. The SMTP reply Address C. The E-mail Header D. The Host […]
You have completed a forensic investigation case.
You have completed a forensic investigation case. You would like to destroy the data contained in various disks at the forensics lab due to sensitivity of the case. How would you permanently erase the data on the hard disk? A. Throw the hard disk into the fire B. Run the powerful magnets over the hard […]
Office Documents (Word, Excel and PowerPoint) contain a code that allows tracking the MAC or unique identifier
Office Documents (Word, Excel and PowerPoint) contain a code that allows tracking the MAC or unique identifier of the machine that created the document. What is that code called? A. Globally unique ID B. Microsoft Virtual Machine Identifier C. Personal Application Protocol D. Individual ASCII string
When using Windows acquisitions tools to acquire digital evidence, it is important to use a well-tested hardwa
When using Windows acquisitions tools to acquire digital evidence, it is important to use a well-tested hardware write-blocking device to: A. Automate Collection from image files B. Avoiding copying data from the boot partition C. Acquire data from host-protected area on a disk D. Prevent Contamination to the evidence drive