EC-Council 312-49v10 Exam (page: 20)
EC-Council Computer Hacking Forensic Investigator
Updated on: 09-Feb-2026

Viewing Page 20 of 138

When investigating a Windows system, it is important to view the contents of the page or swap file because:

  1. Windows stores all of the system's configuration information in this file
  2. This is the file that Windows uses to communicate directly with the Registry
  3. A large volume of data can exist within the swap file of which the computer user has no knowledge
  4. This is the file that Windows uses to store the history of the last 100 commands that were run from the command line

Answer(s): C



Chris has been called upon to investigate a hacking incident reported by one of his clients. The company suspects the involvement of an insider accomplice in the attack. Upon reaching the incident scene, Chris secures the physical area and records the scene using visual media. He shuts the system down by pulling the power plug so that he does not disturb the system in any way. He labels all cables and connectors prior to disconnecting any.
What do you think would be the next sequence of events?

  1. Connect the target media; prepare the system for acquisition; Secure the evidence; Copy the media
  2. Prepare the system for acquisition; Connect the target media; copy the media; Secure the evidence
  3. Connect the target media; Prepare the system for acquisition; Secure the evidence; Copy the media
  4. Secure the evidence; prepare the system for acquisition; Connect the target media; copy the media

Answer(s): B



The use of warning banners helps a company avoid litigation by overcoming an employee's assumed __________________________ when connecting to the company's intranet, network or Virtual Private Network (VPN), and will allow the company's investigators to monitor, search and retrieve information stored within the network.

  1. Right to work
  2. Right of free speech
  3. Right to Internet Access
  4. Right of Privacy

Answer(s): D



What does mactime, an essential part of The Coroner's Toolkit, do?

  1. It traverses the file system and produces a listing of all files based on the modification, access and change timestamps
  2. It can recover deleted file space and search it for data. However, it does not allow the investigator to preview them
  3. The tool scans for i-node information, which is used by other tools in the toolkit
  4. It is too specific to the MAC OS and forms a core component of the toolkit

Answer(s): A



One way to identify the presence of hidden partitions on a suspect's hard drive is to:

  1. Add up the total size of all known partitions and compare it to the total size of the hard drive
  2. Examine the FAT and identify hidden partitions by noting an H in the partition Type field
  3. Examine the LILO and note an H in the partition Type field
  4. It is not possible to have hidden partitions on a hard drive

Answer(s): A




Share your comments for EC-Council 312-49v10 exam with other users:

Emmah 7/29/2023 9:59:00 AM

are these valid chfi questions
KENYA


Christopher 9/5/2022 10:54:00 PM

The new version of this exam which I downloaded has all the latest questions from the exam. I only saw 3 new questions in the exam which were not in this dump.
CANADA


Aloke Paul 9/11/2023 6:53:00 AM

is this valid for chfiv9 as well... as i am reker 3rd time...
CHINA