312-49V9 Exam Questions

The IIS log file format is a fixed (cannot be customized) ASCII text-based format. The IIS format includes basic items, such as client IP address, user name, date and time, service...

Which of the following Steganography techniques allows you to encode information that ensures creation of cover for secret communication?

Data files from original evidence should be used for forensics analysis

FAT32 is a 32-bit version of FAT file system using smaller clusters and results in efficient storage capacity. What is the maximum drive size supported?

Data acquisition system is a combination of tools or processes used to gather, analyze and record Information about some phenomenon. Different data acquisition system are used depe...

Network forensics allows Investigators to inspect network traffic and logs to identify and locate the attack system. Network forensics can reveal: (Select three answers)

Dumpster Diving refers to:

Which of the following Wi-Fi chalking methods refers to drawing symbols in public places to advertise open Wi-Fi networks?

Which of the following is not a part of the technical specification of the laboratory-based imaging system?

BMP (Bitmap) is a standard file format for computers running the Windows operating system. BMP images can range from black and white (1 bit per pixel) up to 24 bit color (16.7 mill...

Which of the following statement is not correct when dealing with a powered-on computer at the crime scene?

According to US federal rules, to present a testimony in a court of law, an expert witness needs to furnish certain information to prove his eligibility. Jason, a qualified compute...

Ron. a computer forensics expert, Is Investigating a case involving corporate espionage. He has recovered several mobile computing devices from the crime scene. One of the evidence...

A mobile operating system manages communication between the mobile device and other compatible devices like computers, televisions, or printers. Which mobile operating system archi...

Preparing an image drive to copy files to is the first step in Linux forensics. For this purpose, what would the following command accomplish? dcfldd if=/dev/zero of=/dev/hda bs=40...

When examining a file with a Hex Editor, what space does the file header occupy?

Paraben Lockdown device uses which operating system to write hard drive data?Paraben? Lockdown device uses which operating system to write hard drive data?

What type of file is represented by a colon (:) with a name following it in the Master File Table (MFT) of an NTFS disk?

You are called by an author who is writing a book and he wants to know how long the copyright for his book will last after he has the book published?

What is one method of bypassing a system BIOS password?

When investigating a network that uses DHCP to assign IP addresses, where would you look to determine which system (MAC address) had a specific IP address at a specific time?

What hashing method is used to password protect Blackberry devices?

Paul is a computer forensics investigator working for Tyler & Company Consultants. Paul has been called upon to help investigate a computer hacking ring broken up by the local poli...

To check for POP3 traffic using Ethereal, what port should an investigator search by?

In conducting a computer abuse investigation you become aware that the suspect of the investigation is using ABC Company as his Internet Service Provider (ISP). You contact the ISP...

What does the acronym POST mean as it relates to a PC?

What type of equipment would a forensics investigator store in a StrongHold bag?

What method of copying should always be performed first before carrying out an investigation?

You are working in the Security Department of a law firm. One of the attorneys asks you about the topic of sending fake email because he has a client who has been charged with doin...

With regard to using an antivirus scanner during a computer forensics investigation, you should:

When performing a forensics analysis, what device is used to prevent the system from recording data on an evidence disk?

What term is used to describe a cryptographic technique for embedding information into something else for the sole purpose of hiding that information from the casual observer?

A picture file is recovered from a computer under investigation. During the investigation process, the file is enlarged 500% to get a better view of its contents. The picture quali...

What layer of the OSI model do TCP and UDP utilize?

You have been asked to investigate the possibility of computer fraud in the finance department of a company. It is suspected that a staff member has been committing finance fraud b...

When marking evidence that has been collected with the aa/ddmmyy/nnnn/zz format, what does the nnn denote?

When searching through file headers for picture file formats, what should be searched to find a JPEG file in hexadecimal format?

Where does Encase search to recover NTFS files and folders?

To preserve digital evidence, an investigator should ____________

Where is the default location for Apache access logs on a Linux computer?

What is the CIDR from the following screenshot?

How many times can data be written to a DVD+R disk?

How often must a company keep log files for them to be admissible in a court of law?

When needing to search for a website that is no longer present on the Internet today but was online few years back, what site can be used to view the website collection of pages?vi...

When using an iPod and the host computer is running Windows, what file system will be used?

Harold is a computer forensics investigator working for a consulting firm out of Atlanta Georgia. Harold is called upon to help with a corporate espionage case in Miami Florida. Ha...

Travis, a computer forensics investigator, is finishing up a case he has been working on for over a month involving copyright infringement and embezzlement. His last task is to pre...

What is the smallest physical storage unit on a hard drive?

What technique used by Encase makes it virtually impossible to tamper with evidence once it has been acquired?

You are called in to assist the police in an investigation involving a suspected drug dealer. The police searched the suspect house after aYou are called in to assist the police in...