Cisco®
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
MuleSoft
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. EC0-349

Free EC0-349 Exam Braindumps (page: 4)

Page 4 of 94
PDF with 374 Questions

Which part of the Windows Registry contains the user's password file?

  1. HKEY_CURRENT_CONFIGURATION
  2. HKEY_USER
  3. HKEY_CURRENT_USER
  4. HKEY_LOCAL_MACHINE

Answer(s): B



You are working as an independent computer forensics investigator and receive a call from a systems administrator for a local school system requesting your assistance. One of the students at the local high school is suspected of downloading inappropriate images from the Internet to a PC in the Computer Lab. When you arrive at the school, the systems administrator hands you a hard drive and tells you that he made a simple backup copy of the hard drive in the PC and put it on this drive and requests that you examine the drive for evidence of the suspected images. You inform him that a simple backup copy will not provide deleted files or recover file fragments. What type of copy do you need to make to ensure that the evidence found is complete and admissible in future proceedings?

  1. incremental backup copy
  2. full backup copy
  3. robust copy
  4. bit-stream copy

Answer(s): D



A law enforcement officer may only search for and seize criminal evidence with _____________, which are facts or circumstances that would lead a reasonable person to believe a crime has been committed or is about to be committed, evidence of the specific crime exists, and the evidence of the specific crime exists at the place to be searched.

  1. probable cause
  2. a preponderance of the evidence
  3. mere suspicion
  4. beyond a reasonable doubt

Answer(s): A



To make sure the evidence you recover and analyze with computer forensics software can be admitted in court, you must test and validate the software. What group is actively providing tools and creating procedures for testing and validating computer forensics software?

  1. Association of Computer Forensics Software Manufactures (ACFSM)
  2. Computer Forensics Tools Validation Committee (CFTVC)
  3. National Institute of Standards and Technology (NIST)
  4. Society for Valid Forensics Tools and Testing (SVFTT)

Answer(s): C






Post your Comments and Discuss EC-Council EC0-349 exam prep with other Community members: