According to the CHFI v11 Network and Web Attacks domain, a directory traversal attack (also known as path traversal) is a web-based attack in which an attacker manipulates input parameters (such as ../ sequences) to access files and directories outside the intended web root . This can expose sensitive resources such as configuration files, credentials, source code, system files, and application logs.
The primary forensic objective when investigating a directory traversal attack is to determine the scope and impact of unauthorized access . CHFI v11 emphasizes that investigators must analyze web server logs, application logs, and access records to identify:
Which files or directories were accessed
Whether sensitive or confidential data was exposed
The time frame of the attack
The attacker’s source IP and request patterns
Whether data was viewed, downloaded, or potentially modified
Understanding the extent of data compromise is critical for incident response, regulatory notification, damage assessment, and legal proceedings. It also helps determine whether further attacks (such as privilege escalation or lateral movement) may have occurred following the traversal exploit.
The other options are not aligned with forensic goals. Hardware configuration analysis and bandwidth optimization are operational tasks, not forensic objectives. Enhancing user experience is unrelated to incident investigation.
CHFI v11 clearly states that the focus of web attack forensics is impact assessment and evidence reconstruction , making determining unauthorized access and data compromise the correct objective.
Therefore, the correct and CHFI v11–verified answer is Option C .
