Exam Details

  • Exam Code: 312-49
  • Exam Name: ECCouncil Computer Hacking Forensic Investigator (V9)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 531 Q&As
  • Last Updated: Apr 11, 2025

EC-COUNCIL EC-COUNCIL Certifications 312-49 Questions & Answers

  • Question 421:

    Profiling is a forensics technique for analyzing evidence with the goal of identifying the perpetrator from their various activities. After a computer has been compromised by a hacker, which of the following would be most important in forming a profile of the incident?

    A. The manufacturer of the system compromised

    B. The logic, formatting and elegance of the code used in the attack

    C. The nature of the attack

    D. The vulnerability exploited in the incident

  • Question 422:

    What is the name of the standard Linux command that is also available as a Windows application and can be used to create bit-stream images?

    A. mcopy

    B. image

    C. MD5

    D. dd

  • Question 423:

    During the course of a corporate investigation, you find that an employee is committing a crime. Can the employer file a criminal complaint with the police?

    A. Yes, and all evidence can be turned over to the police

    B. Yes, but only if you turn the evidence over to a federal law enforcement agency

    C. No, because the investigation was conducted without following standard police procedures

    D. No, because the investigation was conducted without warrant

  • Question 424:

    ____________________ is simply the application of Computer Investigation and analysis techniques in the interests of determining potential legal evidence.

    A. Network Forensics

    B. Computer Forensics

    C. Incident Response

    D. Event Reaction

  • Question 425:

    You are working as a computer forensics investigator and are called by the owner of an accounting firm to investigate possible computer abuse by one of the firm's employees. You meet with the owner of the firm and discover that the company has never published a policy stating that they reserve the right to inspect their computing assets at will. What do you do?

    A. Inform the owner that conducting an investigation without a policy is not a problem because the company is privately owned

    B. Inform the owner that conducting an investigation without a policy is a violation of the 4th amendment

    C. Inform the owner that conducting an investigation without a policy is a violation of the employee's expectation of privacy

    D. Inform the owner that conducting an investigation without a policy is not a problem because a policy is only necessary for government agencies

  • Question 426:

    This organization maintains a database of hash signatures for known software.

    A. International Standards Organization

    B. Institute of Electrical and Electronics Engineers

    C. National Software Reference Library

    D. American National Standards Institute

  • Question 427:

    The ____________________ refers to handing over the results of private investigations to the authorities because of indications of criminal activity.

    A. Locard Exchange Principle

    B. Clark Standard

    C. Kelly Policy

    D. Silver-Platter Doctrine

  • Question 428:

    You are employed directly by an attorney to help investigate an alleged sexual harassment case at a large pharmaceutical manufacturer. While at the corporate office of the company, the CEO demands to know the status of the investigation. What prevents you from discussing the case with the CEO?

    A. the attorney-work-product rule

    B. Good manners

    C. Trade secrets

    D. ISO 17799

  • Question 429:

    One technique for hiding information is to change the file extension from the correct one to one that might not be noticed by an investigator. For example, changing a .jpg extension to a .doc extension so that a picture file appears to be a document. What can an investigator examine to verify that a file has the correct extension?

    A. the File Allocation Table

    B. the file header

    C. the file footer

    D. the sector map

  • Question 430:

    What information do you need to recover when searching a victim's computer for a crime committed with a specific e-mail message?

    A. Internet service provider information

    B. E-mail header

    C. Username and password

    D. Firewall log
