It is impossible to pass EC-Council 312-49v8 exam without any help in the short term. Come to Testking soon and find the most advanced, correct and guaranteed EC-Council 312-49v8 practice questions. You will get a surprising result by our Abreast of the times Computer Hacking Forensic Investigator Exam practice guides.

Q16. Tracks numbering on a hard disk begins at 0 from the outer edge and moves towards the center, typically reaching a value of ___________. 

A. 1023 

B. 1020 

C. 1024 

D. 2023 


Q17. What is the "Best Evidence Rule"? 

A. It states that the court only allows the original evidence of a document, photograph, or recording at the trial rather than a copy 

B. It contains system time, logged-on user(s), open files, network information, process information, process-to-port mapping, process memory, clipboard contents, service/driver information, and command history 

C. It contains hidden files, slack space, swap file, index.dat files, unallocated clusters, unused partitions, hidden partitions, registry settings, and event logs 

D. It contains information such as open network connection, user logout, programs that reside in memory, and cache data 


Q18. Which table is used to convert huge word lists (i .e. dictionary files and brute-force lists) into password hashes? 

A. Rainbow tables 

B. Hash tables 

C. Master file tables 

D. Database tables 


Q19. Data compression involves encoding the data to take up less storage space and less bandwidth for transmission. It helps in saving cost and high data manipulation in many business applications. 

Which data compression technique maintains data integrity? 

A. Lossless compression 

B. Lossy compression 

C. Speech encoding compression 

D. Lossy video compression 


Q20. Deposition enables opposing counsel to preview an expert witness's testimony at trial. Which of the following deposition is not a standard practice? 

A. Both attorneys are present 

B. Only one attorneys is present 

C. No jury or judge 

D. Opposing counsel asks questions 


Q21. First response to an incident may involve three different groups of people, and each will have differing skills and need to carry out differing tasks based on the incident. Who is responsible for collecting, preserving, and packaging electronic evidence? 

A. System administrators 

B. Local managers or other non-forensic staff 

C. Forensic laboratory staff 

D. Lawyers 


Q22. The Recycle Bin exists as a metaphor for throwing files away, but it also allows user to retrieve and restore files. Once the file is moved to the recycle bin, a record is added to the log file that exists in the Recycle Bin. 

Which of the following files contains records that correspond to each deleted file in the Recycle Bin? 

A. INFO2 file 

B. INFO1 file 

C. LOGINFO2 file 

D. LOGINFO1 file 


Q23. Wi-Fi Protected Access (WPA) is a data encryption method for WLANs based on 802.11 standards. Temporal Key Integrity Protocol (TKIP) enhances WEP by adding a rekeying mechanism to provide fresh encryption and integrity keys. Temporal keys are changed for every____________. 

A. 5,000 packets 

B. 10.000 packets 

C. 15,000 packets 

D. 20.000 packets 


Q24. In what circumstances would you conduct searches without a warrant? 

A. When destruction of evidence is imminent, a warrantless seizure of that evidence is justified if there is probable cause to believe that the item seized constitutes evidence of criminal activity 

B. Agents may search a place or object without a warrant if he suspect the crime was committed 

C. A search warrant is not required if the crime involves Denial-Of-Service attack over the Internet 

D. Law enforcement agencies located in California under section SB 567 are authorized to seize computers without warrant under all circumstances 


Q25. Digital evidence is not fragile in nature. 

A. True 

B. False 


Q26. Windows Security Accounts Manager (SAM) is a registry file which stores passwords in a hashed format. 

SAM file in Windows is located at: 

A. C:\\windows\\system32\\config\\SAM 

B. C:\\windows\\system32\\con\\SAM 

C. C:\\windows\\system32\\Boot\\SAM 

D. C:\\windows\\system32\\drivers\\SAM 


Q27. TCP/IP (Transmission Control Protocol/Internet Protocol) is a communication protocol used to connect different hosts in the Internet. It contains four layers, namely the network interface layer. Internet layer, transport layer, and application layer. 

Which of the following protocols works under the transport layer of TCP/IP? 






Q28. What is a SCSI (Small Computer System Interface)? 

A. A set of ANSI standard electronic interfaces that allow personal computers to communicate with peripheral hardware such as disk drives, tape drives. CD-ROM drives, printers, and scanners 

B. A standard electronic interface used between a computer motherboard's data paths or bus and the computer's disk storage devices 

C. A "plug-and-play" interface, which allows a device to be added without an adapter card and without rebooting the computer D. A point-to-point serial bi-directional interface for transmitting data between computer devices at data rates of up to 4 Gbps 


Q29. Recovery of the deleted partition is the process by which the investigator evaluates and extracts the deleted partitions. 

A. True 

B. False 


Q30. During the seizure of digital evidence, the suspect can be allowed touch the computer system. 

A. True 

B. False