Computer Hacking Forensic Investigator (CHFI) Exam Practice

Which forensic imaging tool is pre-installed on many Linux distributions?

Harry has collected a suspicious executable file from an infected system and seeks to reverse its machine code to instructions written in assembly language. Which tool should he use for this purpose?

Callen, a forensics officer, was tasked with investigating a recent security incident at an organization. To protect the evidence, Callen maintained a logbook of the project to record observations related to the evidence, used tagging to uniquely identify any evidence, and created a chain of custody record. Identify the investigation step performed by Callen in the above scenario.

Which of the following techniques involves the analysis of logs to detect and study an incident that may have already occurred in a network or device?

What does "slack space" refer to in a file system?

Which tool can be used to detect rogue devices on a network?

What does the superblock in Linux define?

The following regular expression can be used for detecting a typical SQL injection attack: /\w*((\%27)|(\'))((\%6F)|o|(\%4F))((\%72)|r|(\%52))/ix Identify the signature in the above expression that searches for the word “or” with various combinations of its hex values (both uppercase and lowercase combinations).

Which of the following cloud computing threats arises from improper resource isolation, data storage in multiple jurisdictions, and lack of knowledge on jurisdictions?

Which type of attack relies on intercepting and altering communications between two parties?