Computer Hacking Forensic Investigator (CHFI v10) — Question 591
The investigative team at a private security firm is conducting a forensic examination of a complex cyberattack case. They need to follow the ACPO Principles of Digital Evidence during the investigation. However, one of the investigators is unsure of some of these principles. Which of the following statements correctly represents the ACPO principles?
Answer options
- A. The audit trail of all processes applied to the digital evidence must be created and preserved, but a third-party examination is not necessary
- B. Any individual, regardless of their competence level, can access original data held on a computer if they can explain the relevance of their actions
- C. The person leading the investigation is responsible for ensuring the adherence to the law and these principles, regardless of the actions of their subordinates
- D. Any original data accessed for the investigation can be changed by any team member if deemed necessary
Correct answer: C
Explanation
The correct answer is C because the lead investigator has the ultimate responsibility for ensuring that the investigation adheres to both legal standards and the ACPO principles. Option A is incorrect as it downplays the importance of third-party examination, which is essential for integrity. Option B is wrong since not just anyone can access original data; a person who does so must have the appropriate authority and competence. Option D is incorrect because original data must remain unchanged to maintain its integrity as evidence.