Computer Hacking Forensic Investigator (CHFI v10) — Question 569

A security firm investigating an IoT-based cybercrime involving an Android smartwatch found on the crime scene. The smartwatch is suspected of capturing sensitive information such as PINs and passwords through motion sensors and GPS tracking. The paired smartphone is not available. Which of the following steps should the investigator undertake first to proceed with the forensics process effectively?

Answer options

• A. Extract data from the smartwatch's memory before it gets volatile
• B. Identify APIs like Data API, Message API, and Node API on the smartwatch
• C. Generate forensic images of the evidence found on the crime scene
• D. Look for cloud data and mobile data linked to the smartwatch

Correct answer: A

Explanation

The correct answer is A because extracting data from the smartwatch's memory is crucial to preserve volatile information that could be lost if the device is powered down or tampered with. Options B, C, and D are important steps but should be performed after securing the data from the smartwatch to ensure that no evidence is lost.