Which step should you take first when handling a PDA found during a hacking ring investigation?

Enhance your knowledge as a Computer Hacking Forensic Investigator with the CHFI v11 Test. Use flashcards and multiple-choice questions, complete with hints and detailed explanations, to prepare effectively and ace your exam!

Multiple Choice

Which step should you take first when handling a PDA found during a hacking ring investigation?

Explanation:
The step being tested is the practice of preserving evidence by first capturing an objective record of the device and its connections. Photographing and documenting the PDA and any peripheral devices creates a baseline of exactly how the device appeared when found—the model, serial numbers, cables, ports, power state, screen status, and surrounding context. This record is essential for later analysis and for maintaining a solid chain of custody, because it prevents uncertainty about how the device was located and what was connected at the moment of seizure.

Why this is the best first move: once you have a precise, unaltered record, you can move forward with preservation steps with confidence, knowing you didn’t rely on memory or assumptions. Other actions, like unplugging cables or powering the device down, can change data or remove volatile information and should only be performed after the initial documentation to avoid compromising the evidence. Placing the PDA in an antistatic bag is important for protection, but it comes after you’ve documented the scene so you have a factual reference of the original state.
