C702 Computer Hacking Forensics Investigator (CHFI) v10
Exam with precise detailed solutions
What is computer forensics?
It refers to a set of methodological procedures and techniques to identify, gather, preserve, extract, interpret, document, and present evidence from computing equipment such that the discovered evidence is acceptable during a legal and/or administrative proceeding in a court of law.
Cybercrime
any illegal act that involves computing systems, applications, or network.
Cybercrime Investigation
any illegal act that involves computing systems, applications, or network.
Criminal Case
involve actions that go against the interests of society, the burden of proving that the accused is guilty lies entirely with the prosecution.
Civil cases
wherein the plaintiff registers the case and is responsible for the burden of proof while the authority hears both parties and passes the judgment based on the evidence presented.
Administrative Investigation
an internal investigation by an organization to discover if its employees, clients, and partners are complying with the rules or policies.
Digital Evidence
probative information stored on or transmitted through an electronic device.
Volatile data
the temporary information on a digital device that requires a constant power supply and is deleted if the power supply is interrupted.
Non-volatile data
the permanent data stored on secondary storage devices, such as hard disks and memory cards.
Three types of sources for potential evidence
- User-Created Files
- User-Protected Files
- Computer-Created Files
Five basic rules of evidence
- Understandable: present the evidence in a clear and comprehensible manner to the members of the jury
- Admissible: should be relevant to the case, act in support of the client presenting it, and be well-communicated and non-prejudiced
- Authentic: provide supporting documents regarding the authenticity of the evidence
- Reliable: extract and handle the evidence while maintaining a record of the tasks performed during the process using only copies of the evidence.
- Complete: it must either prove or disprove the consensual fact in the litigation.
Incident Response
process of responding to incidents that may have occurred due to a security breach or other incidents that potentially compromise the system or network.
Security Operations Center (SOC)
a centralized unit that continuously monitors, manages, and analyzes ongoing activities on the organization's information systems, such as networks, servers, endpoints, databases, applications, and websites.
Gramm-Leach-Bliley Act (GLBA)
requires financial institutions-companies to explain their information-sharing practices to their customers and to safeguard sensitive data.
Federal Information Security Modernization Act of 2014 (FISMA)
introduced as an amendment to the Federal Information Security Management Act of 2002, which was implemented to provide a framework for federal information systems to have more effective information security controls in place.
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
provides federal protections for individually identifiable health information
The Electronic Communications Privacy Act of 1986
protects wire, oral, and electronic communications, while such communications are being made, are in transit, and stored on computers. The Act applies to email, telephone conversations, and data stored electronically.
General Data Protection Regulation (GDPR)
data privacy laws across Europe, to protect and empower all EU citizens' data privacy, and to reshape the way organizations across the region approach data privacy.
Payment Card Industry Data Security Standard (PCI DSS)
a proprietary information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards.
Sarbanes-Oxley Act (SOX) of 2002
protect investors from the possibility of fraudulent accounting activities by corporations.
Foreign Intelligence Surveillance Act of 1978 (FISA)
procedures for requesting judicial authorization for electronic surveillance and physical search of persons engaged in espionage or international terrorism against the United States on behalf of a foreign power.
Protect America Act of 2007
amends FISA to state that nothing under its definition of "electronic surveillance" shall be construed to encompass surveillance directed at a person reasonably believed to be located outside the United States.
Privacy Act of 1974
establishes a code of fair information practices that governs the collection, maintenance, use, and dissemination of information about individuals that is maintained in systems of records by federal agencies.
National Information Infrastructure Protection Act of 1996
revises federal criminal code provisions regarding fraud and related activity in connection with computers.
Computer Security Act of 1987
It directs the National Bureau of Standards to establish a computer standards program for Federal computer systems, including guidelines for the security of such systems.
The Freedom of Information Act
initially enacted in 1966, provides that any person has the right to request access to federal agency records or information except to the extent the records are protected from disclosure by any of the nine exemptions contained in the law or by one of the three special law enforcement record exclusions.
Forensic Readiness