Computer Hacking Forensic Investigator (CHFI v10) — Question 392

An individual skilled in Forensic Investigation has been summoned to look into a potentially unlawful transaction, believed to have unfolded on the shadowy expanses of the dark web. The investigator knows that the suspect used the Tor network for the transaction. Which of the following aspects of the Tor network should the investigator focus on primarily to trace the origin of the data transmission?

Answer options

• A. The Exit Relay, as it sends the data to the destination server
• B. The Tor Bridge Node, as it helps to circumvent restrictions on the Tor network
• C. The Middle Relay, as it transmits the data in an encrypted format
• D. The Entry/Guard Relay, as it provides an entry point to the Tor network

Correct answer: A

Explanation

The correct answer is A, as the Exit Relay is the final node where the data exits the Tor network and is sent to the destination server, making it crucial for tracing the origin of the transmission. Options B, C, and D focus on other components of the Tor network that do not directly relate to tracing the exit point of the data, which is key in forensic investigations.