ECCouncil 312-49v9 - Computer Hacking Forensic Investigator (v9)

Total 589 questions

John is working on his company policies and guidelines. The section he is currently working on covers company documents: how they should be handled, stored, and eventually destroyed. John is concerned about the process whereby outdated documents are destroyed. What type of shredder should John specify in the guidelines for destroying documents?

A. Strip-cut shredder

B. Cross-cut shredder

C. Cross-hatch shredder

D. Criss-cross shredder

Billy, a computer forensics expert, has recovered a large number of DBX files during the forensic investigation of a laptop. Which of the following email clients can he use to analyze the DBX files?

A. Microsoft Outlook

B. Eudora

C. Mozilla Thunderbird

D. Microsoft Outlook Express

This type of testimony is presented by someone who does the actual fieldwork and does not offer a view in court.

A. Civil litigation testimony

B. Expert testimony

C. Victim advocate testimony

D. Technical testimony

Which password cracking technique uses every possible combination of character sets?

A. Rainbow table attack

B. Brute force attack

C. Rule-based attack

D. Dictionary attack

What must an investigator do before disconnecting an iPod from any type of computer?

A. Unmount the iPod

B. Mount the iPod

C. Disjoin the iPod

D. Join the iPod

What does the 63.78.199.4(161) denote in a Cisco router log?

Mar 14 22:57:53.425 EST: %SEC-6-IPACCESSLOGP: list internet-inbound denied udp 66.56.16.77(1029) -> 63.78.199.4(161), 1 packet

A. Destination IP address

B. Source IP address

C. Login IP address

D. None of the above

An investigator has extracted the device descriptor for a 1GB thumb drive that looks like: Disk&Ven_Best_Buy&Prod_Geek_Squad_U3&Rev_6.15. What does the “Geek_Squad” part represent?

A. Product description

B. Manufacturer Details

C. Developer description

D. Software or OS used

Select the data that virtual memory would store in a Windows-based system.

A. Information or metadata of the files

B. Documents and other files

C. Application data

D. Running processes

Centralized binary logging is a process in which many websites write binary and unformatted log data to a single log file. What extension should the investigator look to find its log file?

A. .cbl

B. .log

C. .ibl

D. .txt

An International Mobile Equipment Identifier (IMEI) is a 15-digit number that indicates the manufacturer, model type, and country of approval for GSM devices. The first eight digits of an IMEI number, which provide information about the model and origin of the mobile device, are also known as:

A. Type Allocation Code (TAC)

B. Integrated Circuit Code (ICC)

C. Manufacturer Identification Code (MIC)

D. Device Origin Code (DOC)

What is cold boot (hard boot)?

A. It is the process of restarting a computer that is already in sleep mode

B. It is the process of shutting down a computer from a powered-on or on state

C. It is the process of restarting a computer that is already turned on through the operating system

D. It is the process of starting a computer from a powered-down or off state

Gary is checking for the devices connected to USB ports of a suspect system during an investigation. Select the appropriate tool that will help him document all the connected devices.

A. DevScan

B. Devcon

C. fsutil

D. Reg.exe

Which of the following is a device monitoring tool?

A. Capsa

B. Driver Detective

C. Regshot

D. RAM Capturer

Which among the following search warrants allows the first responder to search and seize the victim’s computer components such as hardware, software, storage devices, and documentation?

A. John Doe Search Warrant

B. Citizen Informant Search Warrant

C. Electronic Storage Device Search Warrant

D. Service Provider Search Warrant

On a computer that has the Dropbox client installed, which of the following files related to the Dropbox client stores information about the local Dropbox installation and the Dropbox user account, along with email IDs linked with the account?

A. config.db

B. install.db

C. sigstore.db

D. filecache.db