Computer Hacking Forensic Investigator (CHFI v10) — Question 492
In an investigation of cybercrime involving advanced persistent threats (APTs), the forensic team faces challenges in managing and interpreting the digital evidence due to the global origin of the crime and the diverse nature of the digital devices involved. The investigator has to select the most effective method to overcome these challenges. What should be the preferred approach?
Answer options
- A. Invest in powerful automated tools to handle the high complexity of digital evidence
- B. Opt for traditional investigation approaches that examine local physical devices
- C. Improve collaboration with international law enforcement agencies to bridge the gap in jurisdictional boundaries
- D. Speed up the investigation process by bypassing the need for warrants and authorizations
Correct answer: A
Explanation
The correct answer, A, is appropriate because investing in powerful automated tools can effectively manage the complexity of evidence drawn from diverse sources and devices. Option B is less effective because it limits the investigation to local physical devices, which may not address the global nature of APTs. Option C, while important for bridging jurisdictional boundaries, does not directly tackle the complexity of the digital evidence itself. Option D is unethical and illegal, and it undermines the integrity of the investigation.