What can an investigator examine to verify that a file has the correct extension?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards

From $9.99Unlock all

Enhance your knowledge as a Computer Hacking Forensic Investigator with the CHFI v11 Test. Use flashcards and multiple-choice questions, complete with hints and detailed explanations, to prepare effectively and ace your exam!

Multiple Choice

What can an investigator examine to verify that a file has the correct extension?

File headers contain the signature that identifies the true format of a file, independent of its name. This header, often called a magic number, tells you the actual type of content (for example, a PNG starts with a specific byte sequence, a PDF begins with “%PDF-”, etc.). Because extensions are just labels and can be incorrect or misleading, examining the header lets you verify whether the file’s content matches its claimed extension.

The other options don’t reliably indicate the file’s type: the File Allocation Table shows where the file’s data blocks are on disk, not what the data actually is; the sector map is a low-level disk layout detail; and a file footer may exist for some formats but isn’t a universal source of truth for file type.

What can an investigator examine to verify that a file has the correct extension?

Enhance your knowledge as a Computer Hacking Forensic Investigator with the CHFI v11 Test. Use flashcards and multiple-choice questions, complete with hints and detailed explanations, to prepare effectively and ace your exam!

What can an investigator examine to verify that a file has the correct extension?

Get the latest from Examzify