312-49V9 Exam Questions

What is the slave device connected to the secondary IDE controller on a Linux OS referred to?

A small law firm located in the Midwest has possibly been breached by a computer hacker looking to obtain information on their clientele. The law firm does not have any on-site IT...

Heather, a computer forensics investigator, is assisting a group of investigators working on a large computer fraud case involving over 20 people. These 20 people, working in diffe...

Under confession, an accused criminal admitted to encrypting child pornography pictures and then hiding them within other pictures. What technique did the accused criminal employ?

What happens when a file is deleted by a Microsoft operating system using the FAT file system?

What must be obtained before an investigation is carried out at a location?

The offset in a hexadecimal code is:

When making the preliminary investigations in a sexual harassment case, how many investigators are you recommended having?

Davidson Trucking is a small transportation company that has three local offices in Detroit Michigan. Ten female employees that work for the company have gone to an attorney report...

When carrying out a forensics investigation, why should you never delete a partition on a dynamic disk?

Why should you never power on a computer that you need to acquire digital evidence from?

What type of attack sends SYN requests to a target system with spoofed IP addresses?

What must an investigator do before disconnecting an iPod from any type of computer?

Which is a standard procedure to perform during all computer forensics investigations?

What technique is used by JPEGs for compression?

The following is a log file screenshot from a default installation of IIS 6.0. What time standard is used by IIS as seen in the screenshot?

The efforts to obtain information before a trial by demanding documents, depositions, questions and answers written under oath, written requests for admissions of fact, and examina...

John is working as a computer forensics investigator for a consulting firm in Canada. He is called to seize a computer at a local web caf?John is working as a computer forensics in...

Given the drive dimensions as follows and assuming a sector has 512 bytes, what is the capacity of the described hard drive? 22,164 cylinders/disk 80 heads/cylinder 63 sectors/trac...

In the following directory listing, which file should be used to restore archived email messages for someone using Microsoft Outlook?

If you are concerned about a high level of compression but not concerned about any possible data loss, what type of compression would you use?

What feature of Decryption Collection allows an investigator to crack a password as quickly as possible?

Daryl, a computer forensics investigator, has just arrived at the house of an alleged computer hacker. Daryl takes pictures and tags all computer and peripheral equipment found in...

What will the following command accomplish? dd if=/dev/xxx of=mbr.backup bs=512 count=1

A forensics investigator is searching the hard drive of a computer for files that were recently moved to the Recycle Bin. He searches for files in C:\RECYCLED using a command line...

During an investigation, an employee was found to have deleted harassing emails that were sent to someone else. The company was using Microsoft Exchange and had message tracking en...

John is working on his company policies and guidelines. The section he is currently working on covers company documents; how they shouldJohn is working on his company? policies and...

Jacob is a computer forensics investigator with over 10 years experience in investigations and has written over 50 articles on computer forensics. He has been called upon as a qual...

At what layer does a cross site scripting attack occur on?

Which legal document allows law enforcement to search an office, place of business, or other locale for evidence relating to an alleged crime?

When should an MD5 hash check be performed when processing evidence?

An on-site incident response team is called to investigate an alleged case of computer tampering within their company. Before proceeding with the investigation, the CEO informs the...

What file is processed at the end of a Windows XP boot to initialize the logon dialog box?

An investigator is searching through the firewall logs of a company and notices ICMP packets that are larger than 65,536 bytes. What type of activity is the investigator seeing?

In the context of file deletion process, which of the following statement holds true?

What advantage does the tool Evidor have over the built-in Windows search?

George was recently fired from his job as an IT analyst at Pitts and Company in Dallas Texas. His main duties as an analyst were to support the company Active Directory structure a...

If a PDA is seized in an investigation while the device is turned on, what would be the proper procedure?

An employee is attempting to wipe out data stored on a couple of compact discs (CDs) and digital video discs (DVDs) by using a large magnet. You inform him that this method will no...

If you discover a criminal act while investigating a corporate policy abuse, it becomes a public- sector investigation and should be referred to law enforcement?

You are using DriveSpy, a forensic tool and want to copy 150 sectors where the starting sector is 1709 on the primary hard drive. Which of the following formats correctly specifies...

Cylie is investigating a network breach at a state organization in Florida. She discovers that the intruders were able to gain access into the company firewalls by overloading them...

When examining the log files from a Windows IIS Web Server, how often is a new log file created?

You are trying to locate Microsoft Outlook Web Access Default Portal using Google search on the Internet. What search string will you use to locate them?

To make sure the evidence you recover and analyze with computer forensics software can be admitted in court, you must test and validate the software. What group is actively providi...

You are employed directly by an attorney to help investigate an alleged sexual harassment case at a large pharmaceutical manufacturer. While at the corporate office of the company,...

John and Hillary works at the same department in the company. John wants to find out Hillary's network password so he can take a look at her documents on the file server. He enable...

Jack Smith is a forensics investigator who works for Mason Computer Investigation Services. He is investigating a computer that was infected by Ramen Virus. He runs the netstat com...

Microsoft Outlook maintains email messages in a proprietary format in what type of file?

You should make at least how many bit-stream copies of a suspect drive?