Exam Details

  • Exam Code: 312-49
  • Exam Name: ECCouncil Computer Hacking Forensic Investigator (V9)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 531 Q&As
  • Last Updated: Apr 11, 2025

EC-COUNCIL EC-COUNCIL Certifications 312-49 Questions & Answers

  • Question 71:

    Which of the following examinations refers to the process of providing the opposing side in a trial the opportunity to question a witness?

    A. Cross Examination

    B. Direct Examination

    C. Indirect Examination

    D. Witness Examination

  • Question 72:

    Which command can provide the investigators with details of all the loaded modules on a Linux-based system?

    A. list modules -a

    B. lsmod

    C. plist mod -a

    D. lsof -m

  • Question 73:

    In a Linux-based system, what does the command "last -F" display?

    A. Login and logout times and dates of the system

    B. Last run processes

    C. Last functions performed

    D. Recently opened files

  • Question 74:

    Which layer of iOS architecture should a forensics investigator evaluate to analyze services such as Threading, File Access, Preferences, Networking and high-level features?

    A. Core Services

    B. Media services

    C. Cocoa Touch

    D. Core OS

  • Question 75:

    What is the investigator trying to view by issuing the command displayed in the following screenshot?

    A. List of services stopped

    B. List of services closed recently

    C. List of services recently started

    D. List of services installed

  • Question 76:

    Which of the following file formats allows the user to compress the acquired data as well as keep it randomly accessible?

    A. Proprietary Format

    B. Generic Forensic Zip (gfzip)

    C. Advanced Forensic Framework 4

    D. Advanced Forensics Format (AFF)

  • Question 77:

    What do you call the process in which an attacker uses a magnetic field over the digital media device to delete any previously stored data?

    A. Disk deletion

    B. Disk cleaning

    C. Disk degaussing

    D. Disk magnetization

  • Question 78:

    Which of the following tools can reverse machine code to assembly language?

    A. PEiD

    B. RAM Capturer

    C. IDA Pro

    D. Deep Log Analyzer

  • Question 79:

    Investigators can use the Type Allocation Code (TAC) to find the model and origin of a mobile device. Where is TAC located in mobile devices?

    A. International Mobile Equipment Identifier (IMEI)

    B. Integrated circuit card identifier (ICCID)

    C. International mobile subscriber identity (IMSI)

    D. Equipment Identity Register (EIR)

  • Question 80:

    Which of the following processes is part of dynamic malware analysis?

    A. Process Monitoring

    B. Malware disassembly

    C. Searching for the strings

    D. File fingerprinting
