Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

ECCouncil EC0-479 - EC-Council Certified Security Analyst (ECSA)

ECCouncil EC0-479 Premium Access     Download Demo    
Page: 5 / 7
Total 232 questions

One technique for hiding information is to change the file extension from the correct one to one that might not be noticed by an investigator. For example, changing a .jpg extension to a .doc extension so that a picture file appears to be a document. What can an investigator examine to verify that a file has the correct extension?

A.

the File Allocation Table

B.

the file header

C.

the file footer

D.

the sector map

What does mactime, an essential part of the coroner‟s toolkit do?

A.

It traverses the file system and produces a listing of all files based on the modification, access and change timestamps

B.

It can recover deleted file space and search it for datA. However, it does not allow the investigator t preview them

C.

The tools scans for i-node information, which is used by other tools in the tool kit

D.

It is tool specific to the MAC OS and forms a core component of the toolkit

How many characters long is the fixed-length MD5 algorithm checksum of a critical system file?

A.

128

B.

64

C.

32

D.

16

E-mail logs contain which of the following information to help you in your investigation? (Select up to 4)

A.

user account that was used to send the account

B.

attachments sent with the e-mail message

C.

unique message identifier

D.

contents of the e-mail message

E.

date and time the message was sent

You are contracted to work as a computer forensics investigator for a regional bank that has four 30 TB storage area networks that store customer data. What method would be most efficient for you to acquire digital evidence from this network?

A.

create a compressed copy of the file with DoubleSpace

B.

create a sparse data copy of a folder or file

C.

make a bit-stream disk-to-image file

D.

make a bit-stream disk-to-disk file

Which part of the Windows Registry contains the user‟s password file?

A.

HKEY_LOCAL_MACHINE

B.

HKEY_CURRENT_CONFIGURATION

C.

HKEY_USER

D.

HKEY_CURRENT_USER

In a forensic examination of hard drives for digital evidence, what type of user is most likely to have the most file slack to analyze?

A.

one who has NTFS 4 or 5 partitions

B.

one who uses dynamic swap file capability

C.

one who uses hard disk writes on IRQ 13 and 21

D.

one who has lots of allocation units per block or cluster

Lance wants to place a honeypot on his network. Which of the following would be your recommendations?

A.

Use a system that has a dynamic addressing on the network

B.

Use a system that is not directlyinteracing with the router

C.

Use it on a system in an external DMZ in front of the firewall

D.

It doesn‟t matter as all replies are faked

The newer Macintosh Operating System is based on:

A.

OS/2

B.

BSD Unix

C.

Linux

D.

Microsoft Windows

When examining a file with a Hex Editor, what space does the file header occupy?

A.

the last several bytes of the file

B.

the first several bytes of the file

C.

none, file headers are contained in the FAT

D.

one byte at the beginning of the file