Free CHFI Practice

Free Computer Hacking Forensic Investigator (CHFI) Quiz

Test your CHFI v10 knowledge with this free practice quiz. Questions cover digital forensics fundamentals, evidence acquisition and handling, hard disk and OS forensics, network forensics, mobile forensics, cloud forensics, and report writing.

Designed for cybersecurity and law enforcement professionals in Australia pursuing digital forensics expertise.

CHFI Ready? Start the Free Quiz

Answer the multiple-choice questions below and submit to see how many you got right. A new randomised set is drawn from the question bank each session.

01. What is the primary goal of computer forensics?
02. Which forensics principle states that every contact between two objects leaves a mutual trace?
03. What is the 'chain of custody' in digital forensics?
04. Which standard describes the process for handling digital evidence used in computer forensics investigations?
05. In what order should a forensic investigator collect volatile data from a live system?
06. What is a 'forensic image' and why is it used instead of copying files directly?
07. Which hashing algorithm is most commonly used to verify the integrity of forensic evidence and is favoured over MD5 for new investigations?
08. What is 'metadata' in the context of digital evidence?
09. Which type of evidence refers to digital records that are generated automatically by computer systems rather than created directly by a human?
10. What is the 'best evidence rule' as it applies to digital forensics?
11. Which file attribute timestamps, collectively called MACE, are commonly examined in Windows NTFS forensics?
12. Which forensic tool is used to create bit-for-bit copies of hard drives and supports output in both raw (dd) and E01/EWF formats?
13. In NTFS, which structure is often referred to as the 'heart of the file system' and contains a record for every file and directory on the volume?
14. What is 'file carving' in disk forensics?
15. What is 'slack space' on a hard drive and why is it forensically significant?
16. Which disk partition scheme replaces MBR on modern systems and supports disks larger than 2 TB and more than four primary partitions?
17. Which Windows registry hive contains user-specific configuration data such as desktop preferences, application settings, and recently accessed files?
18. Which Windows artefact records the last ten commands typed by each user in the Run dialog box?
19. Which Windows artefact, stored in C:\Windows\Prefetch, records execution statistics for applications, helping forensicators determine if a programme was run?
20. In Linux forensics, which directory contains logs such as auth.log, syslog, and kern.log that are critical for investigating security incidents?
21. What information can be obtained from Windows Event Log Event ID 4624?
22. Which Windows artefact records the first and last time a USB device was connected to a system, along with its device serial number?
23. Which network forensic tool captures and analyses full packet data (PCAP files) and is the industry standard for network traffic analysis?
24. What is NetFlow and how is it used in network forensics?
25. During a network forensic investigation, an investigator observes regular outbound HTTPS connections from a workstation to an unusual domain every 60 seconds. What activity does this suggest?