ECCouncil Computer Hacking Forensic Investigator v7.3

Exam contains 306 questions

The offset in a hexadecimal code is:

  • A. The 0x at the beginning of the code
  • B. The 0x at the end of the code
  • C. The first byte after the colon
  • D. The last byte after the colon


Answer : A

If you are concerned about a high level of compression but not concerned about any possible data loss, what type of compression would you use?

  • A. Lossful compression
  • B. Lossy compression
  • C. Lossless compression
  • D. Time-loss compression


Answer : B

When carrying out a forensics investigation, why should you never delete a partition on a dynamic disk?

  • A. All virtual memory will be deleted
  • B. The wrong partition may be set to active
  • C. This action can corrupt the disk
  • D. The computer will be set in a constant reboot state


Answer : C

Which legal document allows law enforcement to search an office, place of business, or other locale for evidence relating to an alleged crime?

  • A. Search warrant
  • B. Subpoena
  • C. Wire tap
  • D. Bench warrant


Answer : A

How often must a company keep log files for them to be admissible in a court of law?

  • A. All log files are admissible in court no matter their frequency
  • B. Weekly
  • C. Monthly
  • D. Continuously


Answer : D

Which is a standard procedure to perform during all computer forensics investigations?

  • A. With the hard drive in the suspect PC, check the date and time in the system's CMOS
  • B. With the hard drive removed from the suspect PC, check the date and time in the system's CMOS
  • C. With the hard drive in the suspect PC, check the date and time in the File Allocation Table
  • D. With the hard drive removed from the suspect PC, check the date and time in the system's RAM


Answer : B

Where does EnCase search to recover NTFS files and folders?

  • A. MBR
  • B. MFT
  • C. Slack space
  • D. HAL


Answer : B

Jacob is a computer forensics investigator with over 10 years' experience in investigations and has written over 50 articles on computer forensics. He has been called upon as a qualified witness to testify to the accuracy and integrity of the technical log files gathered in an investigation into computer fraud. What is the term used for Jacob's testimony in this case?

  • A. Justification
  • B. Authentication
  • C. Reiteration
  • D. Certification


Answer : B

You are working in the Security Department of a law firm. One of the attorneys asks you about the topic of sending fake email because he has a client who has been charged with doing just that. His client alleges that he is innocent and that there is no way for a fake email to actually be sent. You inform the attorney that his client is mistaken and that fake email is a possibility and that you can prove it. You return to your desk and craft a fake email to the attorney that appears to come from his boss. What port do you send the email to on the company's SMTP server?

  • A. 10
  • B. 25
  • C. 110
  • D. 135


Answer : B

What is one method of bypassing a system BIOS password?

  • A. Removing the processor
  • B. Removing the CMOS battery
  • C. Remove all the system's memory
  • D. Login to Windows and disable the BIOS password


Answer : B

Harold is a computer forensics investigator working for a consulting firm out of Atlanta, Georgia. Harold is called upon to help with a corporate espionage case in Miami, Florida. Harold assists in the investigation by pulling all the data from the computers allegedly used in the illegal activities. He finds that two suspects in the company were stealing sensitive corporate information and selling it to competing companies. From the email and instant messenger logs recovered, Harold has discovered that the two employees notified the buyers by writing symbols on the back of specific stop signs. This way, the buyers knew when and where to meet with the alleged suspects to buy the stolen material. What type of steganography did these two suspects use?

  • A. Text semagram
  • B. Visual semagram
  • C. Grill cipher
  • D. Visual cipher


Answer : B

What is the slave device connected to the secondary IDE controller on a Linux OS referred to?

  • A. hda
  • B. hdd
  • C. hdb
  • D. hdc


Answer : B

You are called in to assist the police in an investigation involving a suspected drug dealer. The police searched the suspect's house after a warrant was obtained and they located a floppy disk in the suspect's bedroom. The disk contains several files, but they appear to be password protected. What are two common methods used by password cracking software that you could use to obtain the password?

  • A. Limited force and library attack
  • B. Brute force and dictionary attack
  • C. Maximum force and thesaurus attack
  • D. Minimum force and appendix attack


Answer : B

During an investigation, an employee was found to have deleted harassing emails that were sent to someone else. The company was using Microsoft Exchange and had message tracking enabled. Where could the investigator search to find the message tracking log file on the Exchange server?

  • A. C:\Program Files\Exchsrvr\servername.log
  • B. D:\Exchsrvr\Message Tracking\servername.log
  • C. C:\Exchsrvr\Message Tracking\servername.log
  • D. C:\Program Files\Microsoft Exchange\srvr\servername.log


Answer : A

Paul is a computer forensics investigator working for Tyler & Company Consultants. Paul has been called upon to help investigate a computer hacking ring broken up by the local police. Paul begins to inventory the PCs found in the hackers' hideout. Paul then comes across a PDA left by them that is attached to a number of different peripheral devices.
What is the first step that Paul must take with the PDA to ensure the integrity of the investigation?

  • A. Place PDA, including all devices, in an antistatic bag
  • B. Unplug all connected devices
  • C. Power off all devices if currently on
  • D. Photograph and document the peripheral devices


Answer : D
