Computer Hacking Forensic Investigator

Here you have the best EC-Council 312-49 practice exam questions

  • You have 144 total questions to study from
  • Each page has 5 questions, making a total of 29 pages
  • These questions were last updated on December 17, 2024
Question 1 of 144

When an investigator contacts by telephone the domain administrator or controller listed by a Whois lookup to request that all e-mails sent and received for a user account be preserved, what U.S.C. statute authorizes this phone call and obligates the ISP to preserve e-mail records?

    Correct Answer: D

    Title 18, Section 2703(f) of the United States Code obligates an Internet Service Provider (ISP) to preserve e-mail records upon request. This statute authorizes law enforcement officials to issue a preservation request to an ISP, requiring them to retain the records specified for a duration to facilitate subsequent legal processes.

Question 2 of 144

If you come across a sheepdip machine at your client site, what would you infer?

    Correct Answer: C

    A sheepdip computer is used only for virus-checking. The term 'sheepdip' refers to a process where a computer, separate from a network, is used to scan software or data for malware before it is introduced to the main network. This is done to ensure that any potential viruses or malicious code are identified and dealt with in a controlled environment to prevent them from infecting other systems.

Question 3 of 144

In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court?

    Correct Answer: C

    In a computer forensics investigation, the term that describes the route that evidence takes from the time it is found until the case is closed or goes to court is called the chain of custody. This concept ensures that the integrity of the evidence is maintained and documented at each stage in the handling process, including collection, transportation, storage, and presentation in court.

Question 4 of 144

How many characters long is the fixed-length MD5 algorithm checksum of a critical system file?

    Correct Answer: C

    The MD5 algorithm produces a hash value that is 128 bits long. When represented as a hexadecimal string, each character encodes 4 bits, resulting in a 32-character string. Therefore, the fixed-length checksum of an MD5 hash is 32 characters long.

Question 5 of 144

You are using DriveSpy, a forensic tool and want to copy 150 sectors where the starting sector is 1709 on the primary hard drive. Which of the following formats correctly specifies these sectors?

    Correct Answer: B

    To specify starting at sector 1709 and copying 150 sectors on the primary hard drive using DriveSpy, you would use the format '0:1709, 150'. The '0' indicates the primary hard drive, '1709' is the starting sector, and '150' indicates the number of sectors to be copied.