CHFI Certification Test: Forensics And Network Intrusion! Trivia Quiz

To support the defense

To educate the public and court

To evaluate the court’s decisions

To testify against the plaintiff 

Expediting the process of obtaining a warrant may lead to a delay in prosecution of a perpetrator.

Delay in obtaining a warrant may lead to the destruction of evidence and hamper the investigation process.

Expediting the process of obtaining a warrant may lead to the timely prosecution of a perpetrator.

Delay in obtaining a warrant may lead to the preservation of evidence and expedite the investigation process.

Interpret, document, and present the evidence to be admissible during prosecution.

Track and prosecute the perpetrators in a court of law.

Mitigate vulnerabilities to prevent further loss of intellectual property, finances, and reputation during an attack.

Identify, gather, and preserve the evidence of a cybercrime.

An organization’s ability to make optimal use of digital evidence in a limited period and with minimal investigation costs.

The establishment of specific incident response procedures and designated trained personnel to prevent a breach.

Having no impact on prospects of successful legal action.

Replacing the need to meet all regulatory requirements.

The claimant is responsible for the collection and analysis of the evidence.

Investigators attempt to demonstrate information to the opposite party to support the claims and induce settlement.

The searching of the devices is based on mutual understanding and provides a wider time frame to hide the evidence.

Investigators, with a warrant, have the authority to forcibly seize the computing devices.

Lab exteriors should have no windows.

Room size should be compact with standard HVAC equipment.

Lightweight construction materials need to be used.

Computer systems should be visible from every angle.

Additional equipment such as notepads, printers, etc. should be stored elsewhere.

Physical computer examinations should take place in a separate workspace.

Examiner station has an area of about 50–63 square feet.

Multiple examiners should share workspace for efficiency.

Testify as an expert defendant.

Data acquisition

Data analysis

Testify as an expert witness.

Printer spool

Cookies

Log files

Address book

Swap file

Spreadsheet

Steganography

Bookmarks

When original evidence is in possession of the originator

When original evidence is destroyed due to fire and flood

When original evidence is in possession of a third party

When original evidence is destroyed in the normal course of business

Rule 103

Rule 102

Rule 105

Rule 101

Rule 103

Rule 102

Rule 105

Rule 101

Access time

Seek time

RPM speed

Transfer time

Non-volatile memory

Faster data access

Higher reliability

Less power usage

512

1,000

2,000

256

NTFS

EFX3

EXT2

FAT32

Volume descriptor

POSIX attribute

Track header

Boot sector

Romeo and MDF

ISO 9660

ISO 13490

Joliet and UDF

Number 2

Number 3

Number 0

Number 1

Number 0

Number 2

Number 3

Number 1

Number 2

Number 1

Number 255

Number 3

CIFS

NTFS

CDFS

VMFS

Extended partition

Primary partition

Secondary partition

Tertiary partition

Win Edit

Disk Edit

WinHex

Hex Workshop