NTFS sets a flag for the file once you encrypt it and creates an EFS attribute where it stores Data Decryption Field (DDF) and Data Recovery Field (DDR). Which of the following is not a part of DDF?
A. Encrypted FEK
B. Checksum
C. EFS Certificate Hash
D. Container Name
Pick the statement which does not belong to the Rule 804. Hearsay Exceptions; Declarant Unavailable.
A. Statement of personal or family history
B. Prior statement by witness
C. Statement against interest
D. Statement under belief of impending death
Which of the following is a responsibility of the first responder?
A. Determine the severity of the incident
B. Collect as much information about the incident as possible
C. Share the collected information to determine the root cause
D. Document the findings
Which of the following examinations refers to the process of providing the opposing side in a trial the opportunity to question a witness?
A. Cross Examination
B. Direct Examination
C. Indirect Examination
D. Witness Examination
In a Linux-based system, what does the command “Last -F” display?
A. Login and logout times and dates of the system
B. Last run processes
C. Last functions performed
D. Recently opened files
Which layer of iOS architecture should a forensics investigator evaluate to analyze services such as Threading, File Access, Preferences, Networking and high-level features?
A. Core Services
B. Media services
C. Cocoa Touch
D. Core OS
Which command can provide the investigators with details of all the loaded modules on a Linux-based system?
A. list modules -a
B. lsmod
C. plist mod -a
D. lsof -m
What is the investigator trying to view by issuing the command displayed in the following screenshot?
A. List of services stopped
B. List of services closed recently
C. List of services recently started
D. List of services installed
Which of the following file formats allows the user to compress the acquired data as well as keep it randomly accessible?
A. Proprietary Format
B. Generic Forensic Zip (gfzip)
C. Advanced Forensic Framework 4
D. Advanced Forensics Format (AFF)
Which of the following tool can reverse machine code to assembly language?
A. PEiD
B. RAM Capturer
C. IDA Pro
D. Deep Log Analyzer
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-49V10 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.