312-49V9 Exam Questions
696 real 312-49V9 exam questions with expert-verified answers and explanations. Page 13 of 14.
- Question #605
Graphics Interchange Format (GIF) is a ____ RGB bitmap image format for images with up to 256 distinct colors per frame.
- Question #606
Hard disk data addressing is a method of allotting addresses to each _______ of data on a hard disk.
- Question #607
Which of the following standards represents a legal precedent regarding the admissibility of scientific examinations or experiments in legal cases?
- Question #608
Event correlation is the process of finding relevance between the events that produce a final result. What type of correlation will help an organization to correlate events across...
- Question #609
What malware analysis operation can the investigator perform using the jv16 tool?
- Question #610
Which of the following email headers specifies an address for mailer-generated errors, like "no such user" bounce messages, to go to (instead of the sender's address)?
- Question #611
Jacob is a computer forensics investigator with over 10 years of experience in investigations and has written over 50 articles on computer forensics. He has been called upon as a q...
- Question #612
When a user deletes a file, the system creates a $I file to store its details. What detail does the $I file not contain?
- Question #613
Raw data acquisition format creates _________ of a data set or suspect drive.
- Question #614
The CAN-SPAM Act requires that you:
- Question #615
Which of the following registry hives gives the configuration information about which application was used to open various files on the system?
- Question #616
Select the tool appropriate for examining the dynamically linked libraries of an application or malware.
- Question #617
Which among the following U.S. laws requires financial institutions--companies that offer consumers financial products or services such as loans, financial or investment advice, or...
- Question #618
Which of the following application password cracking tools can discover all password-protected items on a computer and decrypt them?
- Question #619
An investigator has found certain details after analysis of a mobile device. What can reveal the manufacturer information?
- Question #620
Which command line tool is used to determine active network connections?
- Question #621
Which of the following processes is part of the dynamic malware analysis?
- Question #622
Investigators can use the Type Allocation Code (TAC) to find the model and origin of a mobile device. Where is TAC located in mobile devices?
- Question #623
What do you call the process in which an attacker uses a magnetic field over the digital media device to delete any previously stored data?
- Question #624
Which of the following tools can reverse machine code to assembly language?
- Question #625
Which of the following file formats allows the user to compress the acquired data as well as keep it randomly accessible?
- Question #626
What is the investigator trying to view by issuing the command displayed in the following screenshot?
- Question #627
Which layer of iOS architecture should a forensics investigator evaluate to analyze services such as Threading, File Access, Preferences, Networking and high-level features?
- Question #628
Which command can provide the investigators with details of all the loaded modules on a Linux-based system?
- Question #629
In a Linux-based system, what does the command "Last -F" display?
- Question #630
Which of the following examinations refers to the process of providing the opposing side in a trial the opportunity to question a witness?
- Question #631
Pick the statement which does not belong to the Rule 804. Hearsay Exceptions; Declarant Unavailable.
- Question #632
Which of the following is a responsibility of the first responder?
- Question #633
NTFS sets a flag for the file once you encrypt it and creates an EFS attribute where it stores Data Decryption Field (DDF) and Data Recovery Field (DRF). Which of the following is...
- Question #634
If the partition size is 4 GB, each cluster will be 32 K. Even if a file needs only 10 K, the entire 32 K will be allocated, resulting in 22 K of ________.
- Question #635
After suspecting a change in MS-Exchange Server storage archive, the investigator has analyzed it. Which of the following components is not an actual part of the archive?
- Question #636
Which of the following is non-zero data that an application allocates on a hard disk cluster in systems running on Windows OS?
- Question #637
Which of the following is a tool to reset Windows admin password?
- Question #638
Ron, a computer forensics expert, is investigating a case involving corporate espionage. He has recovered several mobile computing devices from the crime scene. One of the evidence...
- Question #639
Select the data that a virtual memory would store in a Windows-based system.
- Question #640
Which of the following does not describe the type of data density on a hard disk?
- Question #641
Amelia has received an email from a well-reputed company stating in the subject line that she has won prize money, whereas the email body says that she has to pay a certain amount for...
- Question #642
Which principle states that "anyone or anything, entering a crime scene takes something of the scene with them, and leaves something of themselves behind when they leave"?
- Question #643
During an investigation, Noel found the following SIM card from the suspect's mobile. What does the code 89 44 represent?
- Question #644
Which of the following file systems uses the Master File Table (MFT) database to store information about every file and directory on a volume?
- Question #645
As a part of the investigation, Caroline, a forensic expert, was assigned the task to examine the transaction logs pertaining to a database named Transfers. She used SQL Server Man...
- Question #646
%3cscript%3ealert("XXXXXXXX")%3c/script%3e is a script obtained from a Cross-Site Scripting attack. What type of encoding has the attacker employed?
- Question #647
Which of the following is a device monitoring tool?
- Question #648
What system details can an investigator obtain from the NetBIOS name table cache?
- Question #649
While analyzing a hard disk, the investigator finds that the file system does not use a UEFI-based interface. Which of the following operating systems is present on the hard disk?
- Question #650
In which registry does the system store the Microsoft security IDs?
- Question #651
An investigator has extracted the device descriptor for a 1GB thumb drive that looks like: Disk&Ven_Best_Buy&Prod_Geek_Squad_U3&Rev_6.15. What does the "Geek_Squad" part represent?
- Question #652
Which of the following Perl scripts will help an investigator to access the executable image of a process?
- Question #653
Which of the following attacks uses HTML tags like <script></script>?
- Question #654
Examination of a computer by a technically unauthorized person will almost always result in: