Computer Hacking Forensic Investigator (CHFI) Practice Exam

In mobile forensic investigations, capturing the state of a device is crucial for preserving evidence. Photographing and recording the contents of a device's display when it is ON allows investigators to document valuable information that may be on the screen at that moment. This can include text messages, emails, app information, or settings, all of which may be pertinent to the investigation.

By documenting what is visible on the screen, forensic investigators create a visual record that can be referenced later without altering the original evidence. This practice serves to maintain the chain of custody and to ensure that no relevant data is overlooked or lost when the device is subsequently analyzed in a controlled environment. This step is part of a broader strategy to ensure that evidence is preserved in its original condition as much as possible.

Other options present practices that could potentially compromise the integrity of the evidence. For instance, avoiding interaction with the device by leaving wireless interfaces active is counterproductive as it could alter the state of the device or cause it to communicate with networks, possibly resulting in data being overwritten or lost. Handling evidence without gloves risks contaminating physical evidence, which is critical in any forensic context. Additionally, unplugging devices from cradles or PCs could lead to data loss or corruption, particularly if the device