Computer Hacking Forensic Investigator (CHFI v10) — Question 419

Consider the scenario where a large multinational corporation suspects an internal security breach, with significant data possibly compromised. The corporate forensic team initiates the process of conducting a comprehensive forensic investigation following the search and seizure protocols. During this process, they want to ensure they capture all the required information and minimize disruption to the company's ongoing business operations. Which among the following activities should NOT be a part of their plan for this search and seizure operation?

Answer options

• A. Generating a comprehensive list of all potentially involved devices along with their specifications, status, and locations
• B. Obtaining formal written consent from the company's owner before beginning the investigation process
• C. Requesting a warrant for search and seizure detailing the exact locations and types of evidence expected to be found
• D. Carrying out all search and seizure activities without seeking witness signatures for the activities performed

Correct answer: D

Explanation

The correct answer is D because conducting search and seizure operations without witness signatures can lead to questions about the integrity and legality of the evidence collected. Options A, B, and C are all essential to ensure a thorough and legally compliant investigation, as they help document the process and protect the rights of the company and its stakeholders.