EC-Council EC0-349 Exam Questions
EC0-349 ECCouncil Computer Hacking Forensic Investigator (Page 4)

Updated On: 24-Feb-2026

A law enforcement officer may only search for and seize criminal evidence with _____________, which are facts or circumstances that would lead a reasonable person to believe a crime has been committed or is about to be committed, evidence of the specific crime exists, and the evidence of the specific crime exists at the place to be searched.

  A. probable cause
  B. a preponderance of the evidence
  C. mere suspicion
  D. beyond a reasonable doubt

Answer(s): A



To make sure the evidence you recover and analyze with computer forensics software can be admitted in court, you must test and validate the software. What group is actively providing tools and creating procedures for testing and validating computer forensics software?

  A. Association of Computer Forensics Software Manufacturers (ACFSM)
  B. Computer Forensics Tools Validation Committee (CFTVC)
  C. National Institute of Standards and Technology (NIST)
  D. Society for Valid Forensics Tools and Testing (SVFTT)

Answer(s): C



When investigating a Windows system, it is important to view the contents of the "page" or "swap" file because:

  A. Windows stores all of the system's configuration information in this file
  B. a large volume of data can exist within the swap file of which the computer user has no knowledge
  C. this is the file that Windows uses to store the history of the last 100 commands that were run from the command line
  D. this is the file that Windows uses to communicate directly with the Registry

Answer(s): B



Profiling is a forensics technique for analyzing evidence with the goal of identifying the perpetrator from their previous activity. After a computer has been compromised by a hacker, which of the following would be most important in forming a profile of the incident?

  A. The nature of the attack
  B. The vulnerability exploited in the incident
  C. The manufacturer of the system compromised
  D. The logic, formatting and elegance of the code used in the attack

Answer(s): D



When performing a forensics analysis, what device is used to prevent the system from recording data on an evidence disk?

  A. a disk editor
  B. a firewall
  C. a write-blocker
  D. a protocol analyzer

Answer(s): C





