Cisco®
Oracle
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
SAP
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. EC0-349

Free EC-Council EC0-349 Exam Braindumps

What does machine, an essential part of the coroner's toolkit do?

  1. It is a tool specific to the MAC OS and forms a core component of the toolkit
  2. It traverses the file system and produces a listing of all files based on the modification, access and change timestamps
  3. The tools scans for i-node information, which is used by other tools in the tool kit
  4. It can recover deleted file space and search it for data. However, it does not allow the investigator to preview them

Answer(s): B



When examining a file with a Hex Editor, what space does the file header occupy?

  1. the first several bytes of the file
  2. the last several bytes of the file
  3. none, file headers are contained in the FAT
  4. one byte at the beginning of the file

Answer(s): A



In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court?

  1. chain of custody
  2. law of probability
  3. rules of evidence
  4. policy of separation

Answer(s): A



E-mail logs contain which of the following information to help you in your investigation?

  1. attachments sent with the e-mail message
  2. contents of the e-mail message
  3. user account that was used to send the message
  4. unique message identifier
  5. date and time the message was sent

Answer(s): A,B,C,E






Post your Comments and Discuss EC-Council EC0-349 exam prep with other Community members:

EC0-349 Exam Discussions & Posts