Computer Hacking Forensic Investigator (CHFI v10) — Question 587
A state department site was recently attacked and all the servers had their disks erased. The incident response team sealed the area and commenced investigation. During evidence collection they came across a zip disk that did not have the standard labeling on it. The incident team ran the disk on an isolated system and found that the system disk was accidentally erased. They decided to call in the FBI for further investigation. Meanwhile, they shortlisted possible suspects including three summer interns. Where did the incident team go wrong?
Answer options
- A. They examined the actual evidence on an unrelated system
- B. They attempted to implicate personnel without proof
- C. They tampered with evidence by using it
- D. They called in the FBI without correlating with the fingerprint data
Correct answer: C
Explanation
The correct answer is C: by using the zip disk on an isolated system, the team inadvertently altered the evidence, which breaches proper evidence handling protocols. Answer A is incorrect because the problem was not merely that they examined the evidence on an unrelated system; they altered it. Answer B is incorrect because they did not formally implicate anyone; they only shortlisted possible suspects. Answer D does not apply because the scenario does not mention fingerprint data correlation.