Computer Hacking Forensic Investigator

Here you have the best ECCouncil 312-49 practice exam questions

You have 531 total questions to study from
Each page has 5 questions, making a total of 107 pages
You can navigate through the pages using the buttons at the bottom
This questions were last updated on October 13, 2025
This site is not affiliated with or endorsed by ECCouncil.

Question 1 of 531

When an investigator contacts by telephone the domain administrator or controller listed by a Who is lookup to request all e-mails sent and received for a user account be preserved, what U.S.C. statute authorizes this phone call and obligates the ISP to preserve e-mail records?

Title 18, Section 1030

Title 18, Section 2703(d)

Title 18, Section Chapter 90

Title 18, Section 2703(f)

Correct Answer: D

Title 18, Section 2703(f) of the United States Code obligates an Internet Service Provider (ISP) to preserve e-mail records upon request. This statute authorizes law enforcement officials to issue a preservation request to an ISP, requiring them to retain the records specified for a duration to facilitate subsequent legal processes.

Question 2 of 531

Item 2If you come across a sheepdip machine at your client site, what would you infer?

A sheepdip coordinates several honeypots

A sheepdip computer is another name for a honeypot

A sheepdip computer is used only for virus-checking.

A sheepdip computer defers a denial of service attack

Correct Answer: C

A sheepdip computer is used only for virus-checking. The term 'sheepdip' refers to a process where a computer, separate from a network, is used to scan software or data for malware before it is introduced to the main network. This is done to ensure that any potential viruses or malicious code are identified and dealt with in a controlled environment to prevent them from infecting other systems.

Question 3 of 531

In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court?

rules of evidence

law of probability

chain of custody

policy of separation

Correct Answer: C

In a computer forensics investigation, the term that describes the route that evidence takes from the time it is found until the case is closed or goes to court is called the chain of custody. This concept ensures that the integrity of the evidence is maintained and documented at each stage in the handling process, including collection, transportation, storage, and presentation in court.

Question 4 of 531

How many characters long is the fixed-length MD5 algorithm checksum of a critical system file?

128

Correct Answer: C

The MD5 algorithm produces a hash value that is 128 bits long. When represented as a hexadecimal string, each of the 128 bits is represented by 4 bits, resulting in a 32-character string. Therefore, the fixed-length checksum of an MD5 hash is 32 characters long.

Question 5 of 531

You are working on a thesis for your doctorate degree in Computer Science. Your thesis is based on HTML, DHTML, and other web-based languages and how they have evolved over the years.
You navigate to archive. org and view the HTML code of news.com. You then navigate to the current news.com website and copy over the source code. While searching through the code, you come across something abnormal: What have you found?

Web bug

CGI code

Trojan.downloader

Blind bug

Correct Answer: A