1. Home
  2. EC-COUNCIL
  3. 312-49V10

EC-Council Certified Computer Hacking Forensic Investigator (V10)

Exam Details

  • Exam Code
    :312-49V10
  • Exam Name
    :EC-Council Certified Computer Hacking Forensic Investigator (V10)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :1006 Q&As
  • Last Updated
    :Apr 12, 2025

EC-COUNCIL EC-COUNCIL Certifications 312-49V10 Questions & Answers

  • Question 161:

    Which of the following is a list of recently used programs or opened files?

    A. Most Recently Used (MRU)

    B. Recently Used Programs (RUP)

    C. Master File Table (MFT)

    D. GUID Partition Table (GPT)

  • Question 162:

    Which of the following is a non-zero data that an application allocates on a hard disk cluster in systems running on Windows OS?

    A. Sparse File

    B. Master File Table

    C. Meta Block Group

    D. Slack Space

  • Question 163:

    Which of the following is a tool to reset Windows admin password?

    A. R-Studio

    B. Windows Password Recovery Bootdisk

    C. Windows Data Recovery Software

    D. TestDisk for Windows

  • Question 164:

    Adam, a forensic analyst, is preparing VMs for analyzing a malware. Which of the following is NOT a best practice?

    A. Isolating the host device

    B. Installing malware analysis tools

    C. Using network simulation tools

    D. Enabling shared folders

  • Question 165:

    After suspecting a change in MS-Exchange Server storage archive, the investigator has analyzed it. Which of the following components is not an actual part of the archive?

    A. PRIV.STM

    B. PUB.EDB

    C. PRIV.EDB

    D. PUB.STM

  • Question 166:

    Which of the following attack uses HTML tags like ?

    A. Phishing

    B. XSS attack

    C. SQL injection

    D. Spam

  • Question 167:

    Examination of a computer by a technically unauthorized person will almost always result in:

    A. Rendering any evidence found inadmissible in a court of law

    B. Completely accurate results of the examination

    C. The chain of custody being fully maintained

    D. Rendering any evidence found admissible in a court of law

  • Question 168:

    Which of the following Perl scripts will help an investigator to access the executable image of a process?

    A. Lspd.pl

    B. Lpsi.pl

    C. Lspm.pl

    D. Lspi.pl

  • Question 169:

    An investigator has extracted the device descriptor for a 1GB thumb drive that looks like: DiskandVen_Best_BuyandProd_Geek_Squad_U3andRev_6.15. What does the “Geek_Squad” part represent?

    A. Product description

    B. Manufacturer Details

    C. Developer description

    D. Software or OS used

  • Question 170:

    While analyzing a hard disk, the investigator finds that the file system does not use UEFI-based interface. Which of the following operating systems is present on the hard disk?

    A. Windows 10

    B. Windows 8

    C. Windows 7

    D. Windows 8.1

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-49V10 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.