Here you have the best EC-Council 312-49 practice exam questions
When an investigator contacts by telephone the domain administrator or controller listed by a Who is lookup to request all e-mails sent and received for a user account be preserved, what U.S.C. statute authorizes this phone call and obligates the ISP to preserve e-mail records?
Title 18, Section 2703(f) of the United States Code obligates an Internet Service Provider (ISP) to preserve e-mail records upon request. This statute authorizes law enforcement officials to issue a preservation request to an ISP, requiring them to retain the records specified for a duration to facilitate subsequent legal processes.
Item 2If you come across a sheepdip machine at your client site, what would you infer?
A sheepdip computer is used only for virus-checking. The term 'sheepdip' refers to a process where a computer, separate from a network, is used to scan software or data for malware before it is introduced to the main network. This is done to ensure that any potential viruses or malicious code are identified and dealt with in a controlled environment to prevent them from infecting other systems.
In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court?
In a computer forensics investigation, the term that describes the route that evidence takes from the time it is found until the case is closed or goes to court is called the chain of custody. This concept ensures that the integrity of the evidence is maintained and documented at each stage in the handling process, including collection, transportation, storage, and presentation in court.
How many characters long is the fixed-length MD5 algorithm checksum of a critical system file?
The MD5 algorithm produces a hash value that is 128 bits long. When represented as a hexadecimal string, each of the 128 bits is represented by 4 bits, resulting in a 32-character string. Therefore, the fixed-length checksum of an MD5 hash is 32 characters long.
You are using DriveSpy, a forensic tool and want to copy 150 sectors where the starting sector is 1709 on the primary hard drive. Which of the following formats correctly specifies these sectors?
To specify starting at sector 1709 and copying 150 sectors on the primary hard drive using DriveSpy, you would use the format '0:1709, 150'. The '0' indicates the primary hard drive, '1709' is the starting sector, and '150' indicates the number of sectors to be copied.