Exam Details

  • Exam Code: 312-49
  • Exam Name: ECCouncil Computer Hacking Forensic Investigator (V9)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 531 Q&As
  • Last Updated: Apr 11, 2025

EC-COUNCIL EC-COUNCIL Certifications 312-49 Questions & Answers

  • Question 61:

    Select the data that virtual memory would store in a Windows-based system.

    A. Information or metadata of the files

    B. Documents and other files

    C. Application data

    D. Running processes

  • Question 62:

    Which of the following does not describe the type of data density on a hard disk?

    A. Volume density

    B. Track density

    C. Linear or recording density

    D. Areal density

  • Question 63:

    Ron, a computer forensics expert, is investigating a case involving corporate espionage. He has recovered several mobile computing devices from the crime scene. One piece of evidence that Ron possesses is a Nokia mobile phone that was left in the ON condition. Ron needs to recover the IMEI number of the device to establish the identity of the device owner. Which of the following key combinations can he use to recover the IMEI number?

    A. #*06*#

    B. *#06#

    C. #06#*

    D. *IMEI#

  • Question 64:

    Which of the following is a tool to reset a Windows admin password?

    A. R-Studio

    B. Windows Password Recovery Bootdisk

    C. Windows Data Recovery Software

    D. TestDisk for Windows

  • Question 65:

    Which of the following is non-zero data that an application allocates on a hard disk cluster in systems running Windows OS?

    A. Sparse File

    B. Master File Table

    C. Meta Block Group

    D. Slack Space

  • Question 66:

    If the partition size is 4 GB, each cluster will be 32 K. Even if a file needs only 10 K, the entire 32 K will be allocated, resulting in 22 K of ________.

    A. Slack space

    B. Deleted space

    C. Sector space

    D. Cluster space

  • Question 67:

    After suspecting a change in MS-Exchange Server storage archive, the investigator has analyzed it. Which of the following components is not an actual part of the archive?

    A. PRIV.STM

    B. PUB.EDB

    C. PRIV.EDB

    D. PUB.STM

  • Question 68:

    NTFS sets a flag for the file once you encrypt it and creates an EFS attribute where it stores the Data Decryption Field (DDF) and Data Recovery Field (DRF). Which of the following is not a part of the DDF?

    A. Encrypted FEK

    B. Checksum

    C. EFS Certificate Hash

    D. Container Name

  • Question 69:

    Pick the statement that does not belong to Rule 804, Hearsay Exceptions; Declarant Unavailable.

    A. Statement of personal or family history

    B. Prior statement by witness

    C. Statement against interest

    D. Statement under belief of impending death

  • Question 70:

    Which of the following is a responsibility of the first responder?

    A. Determine the severity of the incident

    B. Collect as much information about the incident as possible

    C. Share the collected information to determine the root cause

    D. Document the findings

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only EC-COUNCIL exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 312-49 exam preparation and EC-COUNCIL certification application, do not hesitate to visit Vcedump.com to find your solutions.