Free Practice Questions for ACFE CFE-Investigation Exam

The Fraud Examiners Manual clearly states:

“Accessing information set to private could result in claims under privacy laws. Thus, information on social media sites that is restricted by privacy settings could result in liability for fraud examiners due to violation of users’ privacy rights.”

Therefore, D is correct

To confirm ownership of a building, real estate and permit records are most useful. The Manual notes that real property records and related permits identify the owner, provide legal descriptions, and show improvements such as construction of commercial buildings. Court or voter registration records would not typically establish property ownership.

The Fraud Examiners Manual explains:

“A Certified Fraud Examiner should not promise confidentiality or leniency to an informant to obtain testimony… the confidentiality relationship runs first to the client or employer”.

Thus, Lisa cannot guarantee full confidentiality but may state she will do her best.

Both the Manual and CFE Prep guides emphasize that deleted files are recoverable until overwritten. Once overwritten, the original data cannot be retrieved:

“Deleted files are recoverable until they are overwritten because data is not erased… until overwritten. So, deleted files that have been overwritten generally are not recoverable.”

Other file types (deleted shortcuts, hidden files, etc.) can often be recovered, but overwritten files are lost permanently.

Explanation with Extracts = The 2014 Fraud Examiners Manual states:

“The EU Data Protection Directive … regulates the processing, using, and transferring of personal data within the European Union, and it places limits on transmitting personal data to non-EU countries”.

Therefore, a U.S.-based examiner handling HR data of an EU employee must comply with EU GDPR requirements.

Oral consent is generally not sufficient to obtain a suspect’s bank records. The CFE Prep - Investigations states:

“Accessing a subject’s bank records from financial institutions generally requires written consent. Oral consent is the least effective way to obtain permission”.

The Fraud Examiners Manual also notes that bank information can usually only be obtained with subpoena, search warrant, or written consent.

The Fraud Examiners Manual notes:

“Fraud examiners are often tasked with tracing illicit transactions… For example, a victim of fraud might want a tracing search to facilitate the recovery of criminal proceeds”.

The manual notes:

“Records subpoenaed in a criminal case usually are available only to the government during the investigation, and perhaps thereafter if not disclosed at trial”.

Thus, statement D is false.

The Fraud Examiners Manual lists required steps before seizing evidence:

Obtain legal authority.

Review privacy issues.

Ensure software/hardware are validated.

Document surroundings, inspect for traps, image drives, etc.

There is no requirement to assemble a team exclusively of outside experts.

Before seizing evidence in a digital forensic investigation, the 2014 International Fraud Examiners Manual outlines several critical steps:

Obtain legal authority / review orders:

“Before obtaining evidence, ensure that there is legal authority to seize evidence and review the data associated with the evidence. This might require obtaining a warrant in a criminal matter or ensuring that internal policies authorise seizure for an internal investigation.”

Determine privacy issues:

“Before the fraud examiner can seize evidence, he must take certain steps to help ensure that the evidence will be admissible: He must determine whether there are any privacy interests in the item(s) to be searched… In every case where it becomes necessary to seize a computer or other device capable of storing digital evidence, the investigator should consult with legal counsel.”

Use only trained professionals/software:

“It is important to allow a trained examiner to conduct a proper seizure and examination of digital evidence to help ensure that the information can be used in a legal proceeding.”

✅ These are all valid required steps.

In contrast, the idea that the team must be composed only of outside digital forensic experts is NOT a required step. The Manual stresses flexibility in team composition:

“Some organisations have their own in-house personnel… while others might prefer the use of an outside examiner. Sometimes retrieving digital data is as easy as searching the target computer’s hard drive, but other times retrieval requires a thorough knowledge of computers.”

Thus, requiring only outside experts is not a standard step, since investigations may use internal, external, or a mix of specialists depending on the situation.

“Even when a victim refers a fraud case for criminal prosecution, the government will usually not disclose the contents of nonpublic records with the victim during the investigation”.

Thus, option D is most accurate.