EC-COUNCIL Computer Hacking Forensic Investigator (CHFI-v11) - 312-49v11 Exam Practice Test

In a product liability lawsuit at a manufacturing plant in Detroit, Michigan, a compliance officer determines that potentially responsive records are scattered across multiple departmental repositories. This fragmentation complicates retrieval and increases the risk of omissions that could trigger sanctions. During case preparation to support defensible collection, what step should be addressed first?

Sophia, a penetration tester, is conducting a security audit on a target web application that accepts user input and executes system commands based on the provided input. During her testing, she tries to inject a malicious payload into the application ' s input field to test for command injection vulnerabilities.
After experimenting with several techniques, she realizes that the web application allows her to chain multiple commands together. However, she wants to ensure that the second command only executes if the first one is successful.
Which of the following operators should Sophia use to ensure that the subsequent command is executed only if the first command succeeds?

During a forensic investigation into a cybercrime incident, an investigator is tasked with retrieving artifacts related to the crime from captured registry files. The registry files contain critical evidence, including keys and values that could shed light on the criminal activity. To successfully analyze and extract this data, the investigator needs a tool that allows manipulation and examination of binary data in a detailed and user-friendly environment.
Which of the following tools would be best suited for this task?

Thomas, a cybersecurity analyst, is investigating a potential intrusion into a web server after receiving an alert for suspicious activity. Upon reviewing the IIS logs, he notices an unusually high number of requests coming from the same IP address within a short time period. These requests are spread across various times during the day and seem to target multiple resources on the server. Thomas suspects that the requests may be part of a larger attempt to scan for vulnerabilities or exploit a specific weakness. Which of the following log fields should Thomas focus on to better understand the nature of these requests?

During a preliminary scan at a financial services firm in New York City, a suspicious binary exhibits unusually high entropy and yields almost no readable strings, suggesting concealment tactics that evade basic signatures without execution. To uncover these evasion layers in the file ' s structure prior to any runtime testing, which static analysis technique should the team prioritize to reveal the transformation methods applied to the sample?

Following a forensics investigation, an organization is focused on implementing a comprehensive set of policies and procedures to effectively safeguard electronic data across its systems and networks. These policies are designed to ensure compliance with applicable legal, regulatory, and operational standards while also safeguarding the integrity of the data for future audits, investigations, or legal proceedings. This stage aims to establish clear guidelines for data retention, management of access, and long-term preservation.
Which stage of the Electronic Discovery Reference Model (EDRM) cycle does this activity correspond to?

Liam, a forensic investigator, is tasked with extracting information from a suspect ' s Windows 11 machine.
He needs to examine any relevant data from the Sticky Notes application, which may contain information about the suspects activities. To accomplish this, Liam decides to use Python to access the Sticky Notes database file and extract the data for analysis. Which of the following paths should Liam use to locate the Sticky Notes database file on the suspect ' s Windows 11 system?

As a cybersecurity investigator, you ' re conducting system behavior analysis on a suspect system to detect hidden Trojans. One method involves monitoring startup programs to identify any alterations made by malware.
What command can investigators use in the command prompt to view all boot manager entries and check for potential Trojans added to the startup menu?

During an insider-threat investigation at a technology firm in San Jose, California, network monitoring reveals that security staff captured the contents of employee emails and chat messages in transit and accessed copies stored on the company mail server. To ensure the collection and review of these communications complies with U.S. law, which statute is most directly applicable?