Computer Hacking Forensic Investigator (CHFI v10) — Question 457

A cybersecurity investigator is conducting a search and seizure operation involving a large data breach. She needs a witness’s signature for the agreement to proceed. She is considering one of her team members as a witness but is unsure whether this would comply with standard procedures. According to best practices in obtaining witness signatures during such operations, what actions should she take?

Answer options

• A. She should not involve any of her team members as a witness to avoid potential bias in court
• B. If one witness is needed, she may consider her team member, given that they understand the relevance and can testify voluntarily
• C. She should choose anyone present during the seizure as a witness regardless of their understanding of the case
• D. She should choose a member from her team as a witness as it saves time and resources

Correct answer: B

Explanation

The correct answer is B because involving a team member who understands the situation and can testify voluntarily is acceptable as long as they can maintain objectivity. Option A is incorrect as it presents an overly cautious approach that may not be necessary if the team member can remain unbiased. Option C is inappropriate as it disregards the need for a witness to have understanding of the case, while option D prioritizes efficiency over the integrity of the witness's role.