Computer Hacking Forensic Investigator (CHFI) Practice Exam

When documenting an electronic crime scene, the focus is primarily on gathering information that is relevant to the technology involved and the crime being investigated. Documenting the physical scene, related electronic components, and the power status of the computer are all crucial steps to ensure a thorough record of the environment in which the cybercrime occurred.

Recording the power status of the computer helps forensic investigators understand whether the device was actively in use, shut down, or potentially being tampered with at the time the crime was committed. Additionally, documenting electronic components provides critical context for the investigation, such as identifying devices that may contain evidence or further elucidate the methods used by the perpetrator.

In contrast, writing down the color of the suspect's clothing does not pertain directly to the electronic evidence and, therefore, is not a necessary component of documenting the electronic crime scene. While such details may be relevant in a broader criminal investigation, they fall outside the scope of best practices for documentation focused on electronic components and digital evidence, which is the primary objective in this context.