During a hacking ring investigation, you recover a PDA attached to several peripherals. What is the first step to preserve the integrity of the evidence?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Enhance your knowledge as a Computer Hacking Forensic Investigator with the CHFI v11 Test. Use flashcards and multiple-choice questions, complete with hints and detailed explanations, to prepare effectively and ace your exam!

Multiple Choice

During a hacking ring investigation, you recover a PDA attached to several peripherals. What is the first step to preserve the integrity of the evidence?

Explanation:
Capturing and documenting the exact state of the PDA and its peripherals at the scene creates a verifiable baseline that preserves how the evidence appeared and was connected when found. Photographs from multiple angles, close-ups of ports and cables, and detailed notes establish the chain of custody and allow later analysts to understand the original setup without relying on memory. This nonintrusive step prevents accidental changes to the evidence and provides a reference for every subsequent action. Handling steps like placing devices in an antistatic bag, unplugging connections, or powering down can alter the data or configuration. Those actions should come after documenting the scene to ensure the original state is preserved for analysis.

Capturing and documenting the exact state of the PDA and its peripherals at the scene creates a verifiable baseline that preserves how the evidence appeared and was connected when found. Photographs from multiple angles, close-ups of ports and cables, and detailed notes establish the chain of custody and allow later analysts to understand the original setup without relying on memory. This nonintrusive step prevents accidental changes to the evidence and provides a reference for every subsequent action.

Handling steps like placing devices in an antistatic bag, unplugging connections, or powering down can alter the data or configuration. Those actions should come after documenting the scene to ensure the original state is preserved for analysis.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy