What happens when a file is deleted by a Microsoft operating system using the FAT file system?
A. The file is erased and cannot be recovered
B. The file is erased but can be recovered partially
C. A copy of the file is stored and the original file is erased
D. Only the reference to the file is removed from the FAT and can be recovered
Paul is a computer forensics investigator working for Tyler and Company Consultants. Paul has been called upon to help investigate a computer hacking ring broken up by the local police. Paul begins to inventory the PCs found in the hackers?hideout. Paul then comes across a PDA left by them that is attached to a number of different peripheral devices. What is the first step that Paul must take with the PDA to ensure the integrity of the investigation?
A. Place PDA, including all devices, in an antistatic bag
B. Unplug all connected devices
C. Power off all devices if currently on
D. Photograph and document the peripheral devices
In conducting a computer abuse investigation you become aware that the suspect of the investigation is using ABC Company as his Internet Service Provider (ISP). You contact the ISP and request that they provide you assistance with your investigation. What assistance can the ISP provide?
A. The ISP can investigate anyone using their service and can provide you with assistance
B. The ISP can investigate computer abuse committed by their employees, but must preserve the privacy of their customers and therefore cannot assist you without a warrant
C. The ISP cannot conduct any type of investigations on anyone and therefore cannot assist you
D. ISPs never maintain log files so they would be of no use to your investigation
What technique used by Encase makes it virtually impossible to tamper with evidence once it has been acquired?
A. Every byte of the file(s) is given an MD5 hash to match against a master file
B. Every byte of the file(s) is verified using 32-bit CRC
C. Every byte of the file(s) is copied to three different hard drives
D. Every byte of the file(s) is encrypted using three different methods
If a PDA is seized in an investigation while the device is turned on, what would be the proper procedure?
A. Keep the device powered on
B. Turn off the device immediately
C. Remove the battery immediately
D. Remove any memory cards immediately
If you are concerned about a high level of compression but not concerned about any possible data loss, what type of compression would you use?
A. Lossful compression
B. Lossy compression
C. Lossless compression
D. Time-loss compression
What type of file is represented by a colon (:) with a name following it in the Master File Table (MFT) of an NTFS disk?
A. Compressed file
B. Data stream file
C. Encrypted file
D. Reserved file
To preserve digital evidence, an investigator should ____________
A. Make two copies of each evidence item using a single imaging tool
B. Make a single copy of each evidence item using an approved imaging tool
C. Make two copies of each evidence item using different imaging tools
D. Only store the original evidence item
An on-site incident response team is called to investigate an alleged case of computer tampering within their company. Before proceeding with the investigation, the CEO informs them that the incident will be classified as ow level? How long will the team have to respond to the incident?the investigation, the CEO informs them that the incident will be classified as ?ow level? How long will the team have to respond to the incident?
A. One working day
B. Two working days
C. Immediately
D. Four hours
How many times can data be written to a DVD+R disk?
A. Twice
B. Once
C. Zero
D. Infinite
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-49V9 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.