Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors

EC-Council Computer Hacking Forensic Investigator 312-49 Dumps in PDF

Free EC-Council 312-49 Real Questions (page: 21)

312-49 PDF — 704 Questions

What information do you need to recover when searching a victim’s computer for a crime committed with specific e-mail message?

  1. Internet service provider information
  2. E-mail header
  3. Username and password
  4. Firewall log

Answer(s): B



Melanie was newly assigned to an investigation and asked to make a copy of all the evidence from the compromised system. Melanie did a DOS copy of all the files on the system. What would be the primary reason for you to recommend a disk imaging tool?

  1. A disk imaging tool would check for CRC32s for internal self-checking and validation and have MD5 checksum
  2. Evidence file format will contain case data entered by the examiner and encrypted at the beginning of the evidence file
  3. A simple DOS copy will not include deleted files, file slack and other information
  4. There is no case for an imaging tool as it will use a closed, proprietary format that if compared to the original will not match up sector for sector

Answer(s): C



You are employed directly by an attorney to help investigate an alleged sexual harassment case at a large pharmaceutical manufacture. While at the corporate office of the company, the CEO demands to know the status of the investigation. What prevents you from discussing the case with the CEO?

  1. the attorney-work-product rule
  2. Good manners
  3. Trade secrets
  4. ISO 17799

Answer(s): A



One technique for hiding information is to change the file extension from the correct one to one that might not be noticed by an investigator. For example, changing a .jpg extension to a .doc extension so that a picture file appears to be a document. What can an investigator examine to verify that a file has the correct extension?

  1. the File Allocation Table
  2. the file header
  3. the file footer
  4. the sector map

Answer(s): B



This organization maintains a database of hash signatures for known software.

  1. International Standards Organization
  2. Institute of Electrical and Electronics Engineers
  3. National Software Reference Library
  4. American National standards Institute

Answer(s): C



PDF
Viewing page 21 of 108

Share your comments for EC-Council 312-49 exam with other users:

P
Puneeth
10/5/2023 2:06:00 AM

new to this site but i feel it is good

EUROPEAN UNION
A
Ashok Kumar
1/2/2024 6:53:00 AM

the correct answer to q8 is b. explanation since the mule app has a dependency, it is necessary to include project modules and dependencies to make sure the app will run successfully on the runtime on any other machine. source code of the component that the mule app is dependent of does not need to be included in the exported jar file, because the source code is not being used while executing an app. compiled code is being used instead.

Anonymous
M
Merry
7/30/2023 6:57:00 AM

good questions

Anonymous
V
VoiceofMidnight
12/17/2023 4:07:00 PM

Delayed the exam until December 29th.

UNITED STATES
U
Umar Ali
8/29/2023 2:59:00 PM

A and D are True

Anonymous
V
vel
8/28/2023 9:17:09 AM

good one with explanation

Anonymous
G
Gurdeep
1/18/2024 4:00:15 PM

This is one of the most useful study guides I have ever used.

CANADA
AI Tutor 👋 I’m here to help!