CHFI EC Council Test
CHFI EC Council Test Questions and Answers
Question 1
ETI investigation can be used to show that individuals commit crimes in furtherance of
the criminal enterprise. What does ETI stands for?
A. Enterprise Theory of Investigation
B. Ethical Trading Initiative
C. Ethical Theory of Investigation
D. Enterprise Technical Investigation
Correct Answer
A
Question 2
A methodical series of techniques and procedures for gathering evidence, from
computing equipment and various storage devices and digital media is referred as
computer forensics. The person who is responsible for authorization of a policy or
procedure for the investigation process is referred as:
A. Expert Witness
B. Evidence Manager
C. Decision Maker
D. Incident Analyzer
Correct Answer
C
Page 1 of 18
, CHFI EC Council Test
Question 3
It is essential to understand the laws that apply to the investigation including the
internal organization policies before starting the investigation process. Identify Rule
901 of forensic laws:
A. Prohibits malicious mischief
B. Relevant evidence generally admissible; Irrelevant evidence inadmissible
C. Requirement of authentication or identification
D. Evidence of character and conduct of witness
Correct Answer
C
Question 4
Which of the following is a legal document that demonstrates the progression of
evidence as it travels from original evidence location to the forensic laboratory?
A. Chain of Custody
B. Origin of Custody
C. Evidence Document
D. Evidence Examine
Correct Answer
A
Question 5
John is a Forensic Investigator working for Rodridge Corp. He started investigating a
forensic case and has collected some evidence. Now John wants to use this evidence
for further analysis. What should John do?
A. He should use the original evidence he has collected and proceed with the analysis
process
B. He should not use the original evidence he has collected
C. He should send the report for further analysis
D. He should not use the evidence he has collected and use some other's evidence
report
Correct Answer
B
Page 2 of 18
, CHFI EC Council Test
Question 6
The digital evidence must have some characteristics to be disclosed in the court of
law. The statement "Evidence must be related to the fact being proved", defines which
characteristic?
A. Believable
B. Reliable
C. Admissible
D. Authentic
Correct Answer
C
Question 7
Digital evidence is circumstantial, which makes it difficult for a forensics investigator
to trace the system's activity. Identify the nature of digital evidence:
A. Sturdy
B. Unbreakable
C. Strong
D. Fragile
Correct Answer
D
Question 8
Digital evidence is defined as "any information of probative value that is either stored
or transmitted in a digital form". Which type of digital data contains system time,
logged-on user(s), open files, network information, process information, process-to-
port mapping, process memory, clipboard contents, service/driver information, and
command history?
A. Volatile Data
B. Non-volatile Data
C. Transient Data
D. Active Data
Correct Answer
A
Page 3 of 18
CHFI EC Council Test Questions and Answers
Question 1
ETI investigation can be used to show that individuals commit crimes in furtherance of
the criminal enterprise. What does ETI stands for?
A. Enterprise Theory of Investigation
B. Ethical Trading Initiative
C. Ethical Theory of Investigation
D. Enterprise Technical Investigation
Correct Answer
A
Question 2
A methodical series of techniques and procedures for gathering evidence, from
computing equipment and various storage devices and digital media is referred as
computer forensics. The person who is responsible for authorization of a policy or
procedure for the investigation process is referred as:
A. Expert Witness
B. Evidence Manager
C. Decision Maker
D. Incident Analyzer
Correct Answer
C
Page 1 of 18
, CHFI EC Council Test
Question 3
It is essential to understand the laws that apply to the investigation including the
internal organization policies before starting the investigation process. Identify Rule
901 of forensic laws:
A. Prohibits malicious mischief
B. Relevant evidence generally admissible; Irrelevant evidence inadmissible
C. Requirement of authentication or identification
D. Evidence of character and conduct of witness
Correct Answer
C
Question 4
Which of the following is a legal document that demonstrates the progression of
evidence as it travels from original evidence location to the forensic laboratory?
A. Chain of Custody
B. Origin of Custody
C. Evidence Document
D. Evidence Examine
Correct Answer
A
Question 5
John is a Forensic Investigator working for Rodridge Corp. He started investigating a
forensic case and has collected some evidence. Now John wants to use this evidence
for further analysis. What should John do?
A. He should use the original evidence he has collected and proceed with the analysis
process
B. He should not use the original evidence he has collected
C. He should send the report for further analysis
D. He should not use the evidence he has collected and use some other's evidence
report
Correct Answer
B
Page 2 of 18
, CHFI EC Council Test
Question 6
The digital evidence must have some characteristics to be disclosed in the court of
law. The statement "Evidence must be related to the fact being proved", defines which
characteristic?
A. Believable
B. Reliable
C. Admissible
D. Authentic
Correct Answer
C
Question 7
Digital evidence is circumstantial, which makes it difficult for a forensics investigator
to trace the system's activity. Identify the nature of digital evidence:
A. Sturdy
B. Unbreakable
C. Strong
D. Fragile
Correct Answer
D
Question 8
Digital evidence is defined as "any information of probative value that is either stored
or transmitted in a digital form". Which type of digital data contains system time,
logged-on user(s), open files, network information, process information, process-to-
port mapping, process memory, clipboard contents, service/driver information, and
command history?
A. Volatile Data
B. Non-volatile Data
C. Transient Data
D. Active Data
Correct Answer
A
Page 3 of 18
