Free 312-49 Exam Braindumps (page: 9)

Which is a standard procedure to perform during all computer forensics investigations?

  A. with the hard drive removed from the suspect PC, check the date and time in the system's CMOS
  B. with the hard drive in the suspect PC, check the date and time in the File Allocation Table
  C. with the hard drive removed from the suspect PC, check the date and time in the system's RAM
  D. with the hard drive in the suspect PC, check the date and time in the system's CMOS

Answer(s): A



E-mail logs contain which of the following information to help you in your investigation? (Choose four.)

  A. user account that was used to send the account
  B. attachments sent with the e-mail message
  C. unique message identifier
  D. contents of the e-mail message
  E. date and time the message was sent

Answer(s): A,C,D,E



In a forensic examination of hard drives for digital evidence, what type of user is most likely to have the most file slack to analyze?

  A. one who has NTFS 4 or 5 partitions
  B. one who uses dynamic swap file capability
  C. one who uses hard disk writes on IRQ 13 and 21
  D. one who has lots of allocation units per block or cluster

Answer(s): D



In what way do the procedures for dealing with evidence in a criminal case differ from the procedures for dealing with evidence in a civil case?

  A. evidence must be handled in the same way regardless of the type of case
  B. evidence procedures are not important unless you work for a law enforcement agency
  C. evidence in a criminal case must be secured more tightly than in a civil case
  D. evidence in a civil case must be secured more tightly than in a criminal case

Answer(s): C





