Exam (elaborations)
CHFI Missed Questions and Answers Latest Update 100% Solved
- Course
- Institution
CHFI Missed Questions and Answers Latest Update 100% Solved
[Show more]
Content preview
CHFI Missed Questions and AnswersLatest Update 100% Solved
When marking evidence that has been collected with the aa/ddmmyy/nnnn/zz?format, what does
the nnn?denote?When marking evidence that has been collected with
the?aa/ddmmyy/nnnn/zz?format, what does the ?nnn?denote?
The year the evidence was taken
The sequence number for the parts of the same exhibit
The initials of the forensics analyst
The sequential number of the exhibits seized - ✔✔D. The sequential number of the exhibits
seized
When searching through file headers for picture file formats, what should be searched to find a
JPEG file in hexadecimal format?
FF D8 FF E0 00 10
FF FF FF FF FF FF
FF 00 FF 00 FF 00
EF 00 EF 00 EF 00 - ✔✔A. FF D8 FF E0 00 10
What type of file is represented by a colon (:) with a name following it in the Master FileTable
(MFT) of an NTFS disk?
,Compressed file
Data stream file
Encrypted file
Reserved file - ✔✔B. Data stream file
When carrying out a forensics investigation, why should you never delete a partition on a
dynamic disk?
All virtual memory will be deleted
The wrong partition may be set to active
This action can corrupt the disk
The computer will be set in a constant reboot state - ✔✔C. This action can corrupt the disk
Jacob is a computer forensics investigator with over 10 years experience in investigations and
has written over 50 articles on computer forensics. He has been called upon as a qualified
witness to testify the accuracy and integrity of the technical log files gathered in an investigation
into computer fraud. What is the term used for Jacob testimony in this case?computer fraud.
What is the term used for Jacob? testimony in this case?
Justification
Authentication
Reiteration
, Certification - ✔✔B. Authentication
What is the slave device connected to the secondary IDE controller on a Linux OS referred to?
hda hdd hdb
hdc - ✔✔B. hdd
During an investigation, an employee was found to have deleted harassing emails that were sent
to someone else. The company was using Microsoft Exchange and had message tracking
enabled. Where could the investigator search to find the message tracking log file on the
Exchange server?
C:\Program Files\Exchsrvr\servername.log
D:\Exchsrvr\Message Tracking\servername.log
C:\Exchsrvr\Message Tracking\servername.log
C:\Program Files\Microsoft Exchange\srvr\servername.log - ✔✔A. C:\Program
Files\Exchsrvr\servername.log
What file is processed at the end of a Windows XP boot to initialize the logon dialog box?
NTOSKRNL.EXE
NTLDR
LSASS.EXE
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller TheeGrades. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $13.99. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
77254 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now