With regard to using an antivirus scanner during a computer forensics investigation, you should:
A. Scan the suspect hard drive before beginning an investigation
B. Never run a scan on your forensics workstation because it could change your system configurationNever run a scan on your forensics workstation because it could change your system? configuration
C. Scan your forensics workstation at intervals of no more than once every five minutes during an investigation
D. Scan your forensics workstation before beginning an investigation
What technique is used by JPEGs for compression?
A. ZIP
B. TCD
C. DCT
D. TIFF-8
What must an investigator do before disconnecting an iPod from any type of computer?
A. Unmount the iPod
B. Mount the iPod
C. Disjoin the iPod
D. Join the iPod
When examining a file with a Hex Editor, what space does the file header occupy?
A. The first several bytes of the file
B. One byte at the beginning of the file
C. None, file headers are contained in the FAT
D. The last several bytes of the file
In the context of file deletion process, which of the following statement holds true?
A. When files are deleted, the data is overwritten and the cluster marked as available
B. The longer a disk is in use, the less likely it is that deleted files will be overwritten
C. While booting, the machine may create temporary files that can delete evidence
D. Secure delete programs work by completely overwriting the file in one go
What is the smallest physical storage unit on a hard drive?
A. Track
B. Cluster
C. Sector
D. Platter
Which legal document allows law enforcement to search an office, place of business, or other locale for evidence relating to an alleged crime?
A. Search warrant
B. Subpoena
C. Wire tap
D. Bench warrant
What term is used to describe a cryptographic technique for embedding information into something else for the sole purpose of hiding that information from the casual observer?
A. Key escrow
B. Steganography
C. Rootkit
D. Offset
John is working on his company policies and guidelines. The section he is currently working on covers company documents; how they shouldJohn is working on his company? policies and guidelines. The section he is currently working on covers company documents; how they should be handled, stored, and eventually destroyed. John is concerned about the process whereby outdated documents are destroyed. What type of shredder should John write in the guidelines to be used when destroying documents?
A. Strip-cut shredder
B. Cross-cut shredder
C. Cross-hatch shredder
D. Cris-cross shredder
What will the following command accomplish? dd if=/dev/xxx of=mbr.backup bs=512 count=1
A. Back up the master boot record
B. Restore the master boot record
C. Mount the master boot record on the first partition of the hard drive
D. Restore the first 512 bytes of the first partition of the hard drive
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-49V9 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.