Latest Update ECCouncil 312-49 Dumps from Lead4pass! The latest 312-49 exam dumps can help you pass your first exam!
All issues have been corrected! Guaranteed to be true and effective! For the full exam, please click on https://www.lead4pass.com/312-49.html (VCE and PDF)
Keep learning! Here are the exam questions that Lead4Pass shares for free.
The latest ECCouncil 312-49 dumps pdf by Google Drive
[Latest 312-49 dumps pdf] Free ECCouncil 312-49 pdf dumps download from Google Drive: https://drive.google.com/file/d/1GBpzs4Q60St8b8im1L-ET7nTz4scPLbo/
ECCouncil 312-49 Online practice testing questions and answers
Welcome to your [2021.1] EC-COUNCIL 312-49 practice test
Billy, a computer forensics expert, has recovered a large number of DBX files during the forensic investigation of a
laptop. Which of the following email clients can he use to analyze the DBX files?
A. Microsoft Outlook
C. Mozilla Thunderbird
D. Microsoft Outlook Express
When an investigator contacts by telephone the domain administrator or controller listed by a Who is lookup to request
all e-mails sent and received for a user account be preserved, what U.S.C. statute authorizes this phone call and
obligates the ISP to preserve e-mail records?
A. Title 18, Section 1030
B. Title 18, Section 2703(d)
C. Title 18, Section Chapter 90
D. Title 18, Section 2703(f)
Which of the following Windows-based tool displays who is logged onto a computer, either locally or remotely?
D. Process Monitor
A picture file is recovered from a computer under investigation. During the investigation process, the file is enlarged
500% to get a better view of its contents. The picture quality is not degraded at all from this process. What kind of
picture is this file. What kind of picture is this file?
A. Raster image
B. Vector image
C. Metafile image
D. Catalog image
Which of the following statements is incorrect when preserving digital evidence?
A. Verify if the monitor is in on, off, or in sleep mode
B. Turn on the computer and extract Windows event viewer log files
C. Remove the plug from the power router or modem
D. Document the actions and changes that you observe in the monitor, computer, printer, or in other peripherals
What method of computer forensics will allow you to trace all ever-established user accounts on a Windows 2000 sever
the course of its lifetime?
A. forensic duplication of hard drive
B. analysis of volatile data
C. comparison of MD5 checksums
D. review of SIDs in the Registry
Julia is a senior security analyst for Berber Consulting group. She is currently working on a contract for a small
accounting firm in Florid a. They have given her permission to perform social engineering attacks on the company to
see if their in-house training did any good. Julia calls the main number for the accounting firm and talks to the
receptionist. Julia says that she is an IT technician from the company\\’s main office in Iowa. She states that she needs
the receptionist\\’s network username and password to troubleshoot a problem they are having. Julia says that Bill
Hammond, the CEO of the company, requested this information. After hearing the name of the CEO, the receptionist
gave Julia all the information she asked for. What principal of social engineering did Julia use?
A. Social Validation
Sectors in hard disks typically contain how many bytes?
Which of the following reports are delivered under oath to a board of directors/managers/panel of the jury?
A. Written Formal Report
B. Verbal Formal Report
C. Verbal Informal Report
D. Written Informal Report
Volatile Memory is one of the leading problems for forensics. Worms such as code Red are memory resident and do
write themselves to the hard drive, if you turn the system off they disappear. In a lab environment, which of the following
options would you suggest as the most appropriate to overcome the problem of capturing volatile memory?
A. Use VMware to be able to capture the data in memory and examine it
B. Give the Operating System a minimal amount of memory, forcing it to use a swap file
C. Create a Separate partition of several hundred megabytes and place the swap file there
D. Use intrusion forensic techniques to study memory resident infections
The MD5 program is used to:
A. wipe magnetic media before recycling it
B. make directories on an evidence disk
C. view graphics files on an evidence drive
D. verify that a disk is not altered when you examine it
If you plan to startup a suspect\\’s computer, you must modify the ___________ to ensure that you do not contaminate
or alter data on the suspect\\’shard drive by booting to the hard drive.
A. deltree command