Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. EC-Council
  3. 312-49v10

EC-Council 312-49v10 Exam (page: 6)
EC-Council Computer Hacking Forensic Investigator
Updated on: 25-Dec-2025

Viewing Page 6 of 138
312-49v10 PDF 831 Questions

Which legal document allows law enforcement to search an o ce, place of business, or other locale for evidence relating to an alleged crime?

  1. bench warrant
  2. wire tap
  3. subpoena
  4. search warrant

Answer(s): D



You are working as an investigator for a corporation and you have just received instructions from your manager to assist in the collection of 15 hard drives that are part of an ongoing investigation.
Your job is to complete the required evidence custody forms to properly document each piece of evidence as it is collected by other members of your team. Your manager instructs you to complete one multi-evidence form for the entire case and a single-evidence form for each hard drive. How will these forms be stored to help preserve the chain of custody of the case?

  1. All forms should be placed in an approved secure container because they are now primary evidence in the case.
  2. The multi-evidence form should be placed in the report le and the single-evidence forms should be kept with each hard drive in an approved secure container.
  3. The multi-evidence form should be placed in an approved secure container with the hard drives and the single-evidence forms should be placed in the report le.
  4. All forms should be placed in the report le because they are now primary evidence in the case.

Answer(s): B



The MD5 program is used to:

  1. wipe magnetic media before recycling it
  2. make directories on an evidence disk
  3. view graphics les on an evidence drive
  4. verify that a disk is not altered when you examine it

Answer(s): D



Which is a standard procedure to perform during all computer forensics investigations?

  1. with the hard drive removed from the suspect PC, check the date and time in the system's CMOS
  2. with the hard drive in the suspect PC, check the date and time in the File Allocation Table
  3. with the hard drive removed from the suspect PC, check the date and time in the system's RAM
  4. with the hard drive in the suspect PC, check the date and time in the system's CMOS

Answer(s): A



E-mail logs contain which of the following information to help you in your investigation? (Choose four.)

  1. user account that was used to send the account
  2. attachments sent with the e-mail message
  3. unique message identi er
  4. contents of the e-mail message
  5. date and time the message was sent

Answer(s): A,C,D,E



Viewing Page 6 of 138



Share your comments for EC-Council 312-49v10 exam with other users:

Emmah 7/29/2023 9:59:00 AM

are these valid chfi questions
KENYA


Christopher 9/5/2022 10:54:00 PM

the new versoin of this exam which i downloaded has all the latest questions from the exam. i only saw 3 new questions in the exam which was not in this dump.
CANADA


Aloke Paul 9/11/2023 6:53:00 AM

is this valid for chfiv9 as well... as i am reker 3rd time...
CHINA