EC-Council
312-49V11 · Question #152
312-49V11 Question #152: Real Exam Question with Answer & Explanation
Sign in or unlock 312-49V11 to reveal the answer and full explanation for question #152. The question stem and answer options stay visible for context.
Question
During a forensic investigation of a system suspected to be involved in cybercrime, the investigator observes discrepancies between the $STANDARD_INFORMATION and $FILE_NAME creation dates for some files. As part of the investigation process, the investigator also noted that a utility called BCWipe was found installed on the system. What would be the investigator's most plausible conclusion based on these observations?
Options
- AThe system user used BCWipe to delete specific files securely
- BThe system was compromised with malware that altered the metadata
- CThe files were encrypted using the BCWipe utility
- DThe timestamps for some files have been manipulated, possibly as an anti-forensic measure
Unlock 312-49V11 to see the answer
You've previewed enough free 312-49V11 questions. Unlock 312-49V11 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.