CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. 312-49

Free 312-49 Exam Braindumps (page: 26)

Page 26 of 133
PDF with 531 Questions

What information do you need to recover when searching a victim’s computer for a crime committed with specific e-mail message?

  1. Internet service provider information
  2. E-mail header
  3. Username and password
  4. Firewall log

Answer(s): B



Melanie was newly assigned to an investigation and asked to make a copy of all the evidence from the compromised system. Melanie did a DOS copy of all the files on the system. What would be the primary reason for you to recommend a disk imaging tool?

  1. A disk imaging tool would check for CRC32s for internal self-checking and validation and have MD5 checksum
  2. Evidence file format will contain case data entered by the examiner and encrypted at the beginning of the evidence file
  3. A simple DOS copy will not include deleted files, file slack and other information
  4. There is no case for an imaging tool as it will use a closed, proprietary format that if compared to the original will not match up sector for sector

Answer(s): C



You are employed directly by an attorney to help investigate an alleged sexual harassment case at a large pharmaceutical manufacture. While at the corporate office of the company, the CEO demands to know the status of the investigation. What prevents you from discussing the case with the CEO?

  1. the attorney-work-product rule
  2. Good manners
  3. Trade secrets
  4. ISO 17799

Answer(s): A



One technique for hiding information is to change the file extension from the correct one to one that might not be noticed by an investigator. For example, changing a .jpg extension to a .doc extension so that a picture file appears to be a document. What can an investigator examine to verify that a file has the correct extension?

  1. the File Allocation Table
  2. the file header
  3. the file footer
  4. the sector map

Answer(s): B



Page 26 of 133



Post your Comments and Discuss EC-Council 312-49 exam with other Community members:

Valery commented on August 13, 2024
What version of exam have this dumps?
KAZAKHSTAN
upvote

Moorthy commented on June 01, 2024
This is the best place to pratice C_CPI_15 exam.
Anonymous
upvote

Carlos commented on February 29, 2024
@AKM, I took this exam about 2 weeks ago. The questions in this exam dumps are very similar to the exam. However some answers were not that accurate. I got the full PDF version with the testing software called Xengien app. It did help me pass my exam. So yes, it is worth it.
UNITED STATES
upvote

AKM commented on February 29, 2024
Have anyone took the test after practicing here? What is accuracy of this question compared to actual test
INDIA
upvote

SA commented on February 07, 2024
Great place to test your preparation.
INDIA
upvote

Balu commented on November 03, 2014
Thank you so much for helping me on this. Let me have a look on this and will provide further update as soon as possible.
UNITED STATES
upvote