You have been asked to investigate the possibility of computer fraud in the finance department of a company. It is suspected that a staff member has been committing finance fraud by printing cheques that have not been authorized. You have exhaustively searched all data files on a bitmap image of the target computer, but have found no evidence. You suspect the files may not have been saved. What should you examine next in this case?
Answer(s): B
When marking evidence that has been collected with the aa/ddmmyy/nnnn/zz?format, what does the nnn?denote?When marking evidence that has been collected with the ?aa/ddmmyy/nnnn/zz?format, what does the ?nnn?denote?
Answer(s): D
When searching through file headers for picture file formats, what should be searched to find a JPEG file in hexadecimal format?
Answer(s): A
Where does Encase search to recover NTFS files and folders?
Post your Comments and Discuss EC-Council 312-49V9 exam with other Community members:
Olu commented on October 16, 2023 Question 235: 22,164 x 80 x 63 x 512 = 57.19 GB UNITED STATES upvote
Our website is free, but we have to fight against bots and content theft. We're sorry for the inconvenience caused by these security measures. You can access the rest of the 312-49V9 content, but please register or login to continue.