EC-Council EC0-349 Exam Questions
EC0-349 EC-Council Computer Hacking Forensic Investigator (Page 8)

Updated On: 24-Feb-2026

You are working as an independent computer forensics investigator and receive a call from a systems administrator for a local school system requesting your assistance. One of the students at the local high school is suspected of downloading inappropriate images from the Internet to a PC in the Computer Lab. When you arrive at the school, the systems administrator hands you a hard drive and tells you that he made a simple backup copy of the hard drive in the PC and put it on this drive. He requests that you examine the drive for evidence of the suspected images. You inform him that a simple backup copy will not provide deleted files or recover file fragments. What type of copy do you need to make to ensure that the evidence found is complete and admissible in future proceedings?

  1. incremental backup copy
  2. bit-stream copy
  3. robust copy
  4. full backup copy

Answer(s): B



The offset in a hexadecimal code is:

  1. The 0x at the beginning of the code
  2. The first byte after the colon
  3. The last byte after the colon
  4. The 0x at the end of the code

Answer(s): A



What does mactime, an essential part of The Coroner's Toolkit, do?

  1. It is a tool specific to Mac OS and forms a core component of the toolkit
  2. It traverses the file system and produces a listing of all files based on the modification, access and change timestamps
  3. The tool scans for i-node information, which is used by other tools in the toolkit
  4. It can recover deleted file space and search it for data. However, it does not allow the investigator to preview them

Answer(s): B



When examining a file with a Hex Editor, what space does the file header occupy?

  1. the first several bytes of the file
  2. the last several bytes of the file
  3. none, file headers are contained in the FAT
  4. one byte at the beginning of the file

Answer(s): A



In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court?

  1. chain of custody
  2. law of probability
  3. rules of evidence
  4. policy of separation

Answer(s): A

