
ECCouncil 312-49 - Computer Hacking Forensic Investigator

Total 531 questions

Kyle is performing the final testing of an application he developed for the accounting department.

His last round of testing is to ensure that the program is as secure as possible. Kyle runs the following command. What is he testing at this point?

#include <stdio.h>
#include <string.h>

int main(int argc, char *argv[])
{
    char buffer[10];

    if (argc < 2) {
        fprintf(stderr, "USAGE: %s string\n", argv[0]);
        return 1;
    }

    strcpy(buffer, argv[1]);
    return 0;
}

A. Buffer overflow
B. SQL injection
C. Format string bug
D. Kernel injection

What should you do when approached by a reporter about a case that you are working on or have worked on?

A. Refer the reporter to the attorney that retained you
B. Say, "no comment"
C. Answer all the reporter’s questions as completely as possible
D. Answer only the questions that help your case

While working for a prosecutor, what do you think you should do if the evidence you found appears to be exculpatory and is not being released to the defense?

A. Keep the information on file for later review
B. Destroy the evidence
C. Bring the information to the attention of the prosecutor, his or her supervisor or finally to the judge
D. Present the evidence to the defense attorney

An "idle" system is also referred to as what?

A. PC not connected to the Internet
B. Zombie
C. PC not being used
D. Bot

Which of the following is NOT an anti-forensics technique?

A. Data Deduplication
B. Steganography
C. Encryption
D. Password Protection

What is the size value of a nibble?

A. 0.5 kilo byte
B. 0.5 bit
C. 0.5 byte
D. 2 bits

Using Linux to carry out a forensics investigation, what would the following command accomplish?

dd if=/usr/home/partition.image of=/dev/sdb2 bs=4096 conv=notrunc,noerror

A. Search for disk errors within an image file
B. Backup a disk to an image file
C. Copy a partition to an image file
D. Restore a disk from an image file

Where does EnCase search to recover NTFS files and folders?

A. MBR
B. MFT
C. Slack space
D. HAL

Area density refers to:

A. the amount of data per disk
B. the amount of data per partition
C. the amount of data per square inch
D. the amount of data per platter

To make sure the evidence you recover and analyze with computer forensics software can be admitted in court, you must test and validate the software. What group is actively providing tools and creating procedures for testing and validating computer forensics software?

A. Computer Forensics Tools and Validation Committee (CFTVC)
B. Association of Computer Forensics Software Manufactures (ACFSM)
C. National Institute of Standards and Technology (NIST)
D. Society for Valid Forensics Tools and Testing (SVFTT)

Which rule requires an original recording to be provided to prove the content of a recording?

A. 1004
B. 1002
C. 1003
D. 1005

What operating system would respond to the following command?

A. Windows 95
B. FreeBSD
C. Windows XP
D. Mac OS X

A forensic examiner is examining a Windows system seized from a crime scene. During the examination of a suspect file, he discovered that the file is password protected. He tried guessing the password using the suspect’s available information but without any success. Which of the following tools can help the investigator to solve this issue?

A. Cain & Abel
B. Xplico
C. Recuva
D. Colasoft’s Capsa

Smith, a forensic examiner, was analyzing a hard disk image to find and acquire deleted sensitive files. He stumbled upon a $Recycle.Bin folder in the root directory of the disk. Identify the operating system in use.

A. Windows 98
B. Linux
C. Windows 8.1
D. Windows XP

Which one of the following is not a first response procedure?

A. Preserve volatile data
B. Fill forms
C. Crack passwords
D. Take photos