EC-Council

212-89 Question #37: Real Exam Question with Answer & Explanation

The correct answer is A. Anti-forensics.

Question

BadGuy Bob hid files in the slack space, changed the file headers, hid suspicious files in executables, and changed the metadata for all types of files on his hacker laptop. What has he committed?

Options

  • A. Anti-forensics
  • B. Adversarial mechanics
  • C. Felony
  • D. Legal hostility

Explanation

Anti-forensics refers to techniques used to hinder the forensic analysis of a computer system. By hiding files in slack space, changing file headers, embedding suspicious files in executables, and altering metadata, BadGuy Bob is attempting to make it difficult for forensic analysts to find, analyze, and attribute the malicious activities and data on his laptop. These actions are designed to conceal evidence, manipulate digital artifacts, and obstruct investigations, making them clear examples of anti-forensic techniques. While such actions could be part of broader criminal activities, constituting a felony, and could be seen as adversarial mechanics or legal hostility in specific contexts, the most accurate classification of these techniques is anti-forensics.
