ECCouncil Computer Hacking Forensic Investigator (V8) v11.0 (312-49v8)

Page:    1 / 12   
Total 180 questions

Deposition enables opposing counsel to preview an expert witness's testimony at trial.
Which of the following is not a standard deposition practice?

  • A. Both attorneys are present
  • B. Only one attorney is present
  • C. No jury or judge
  • D. Opposing counsel asks questions


Answer : B

If a file (readme.txt) on a hard disk has a size of 2600 bytes, how many sectors are normally allocated to this file?

  • A. 4 Sectors
  • B. 5 Sectors
  • C. 6 Sectors
  • D. 7 Sectors


Answer : C

Recovery of the deleted partition is the process by which the investigator evaluates and extracts the deleted partitions.

  • A. True
  • B. False


Answer : A

During the first responder procedure, you should follow all laws while collecting the evidence and contact a computer forensic examiner as soon as possible.

  • A. True
  • B. False


Answer : A

Which one of the following is not a consideration in a forensic readiness planning checklist?

  • A. Define the business states that need digital evidence
  • B. Identify the potential evidence available
  • C. Decide the procedure for securely collecting the evidence that meets the requirement in a forensically sound manner
  • D. Take permission from all employees of the organization


Answer : D

When collecting electronic evidence at the crime scene, the collection should proceed from the most volatile to the least volatile.

  • A. True
  • B. False


Answer : A

What is a chain of custody?

  • A. A legal document that demonstrates the progression of evidence as it travels from the original evidence location to the forensic laboratory
  • B. It is a search warrant that is required for seizing evidence at a crime scene
  • C. It is a document that lists a chain of Windows process events
  • D. Chain of custody refers to obtaining a preemptive court order to restrict further damage of evidence in electronic seizures


Answer : A

Data is striped at a byte level across multiple drives and parity information is distributed among all member drives.
What RAID level is represented here?

  • A. RAID Level 0
  • B. RAID Level 1
  • C. RAID Level 3
  • D. RAID Level 5


Answer : D

A computer forensics report provides detailed information on the complete computer forensics investigation process. It should explain how the incident occurred, provide technical details of the incident, and be clear to understand. Which of the following attributes of a forensics report can render it inadmissible in a court of law?

  • A. It includes metadata about the incident
  • B. It includes relevant extracts referred to in the report that support analysis or conclusions
  • C. It is based on logical assumptions about the incident timeline
  • D. It maintains a single document style throughout the text


Answer : C

Email spoofing refers to:

  • A. The forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source
  • B. The criminal act of sending an illegitimate email, falsely claiming to be from a legitimate site in an attempt to acquire the user's personal or account information
  • C. Sending huge volumes of email to an address in an attempt to overflow the mailbox or overwhelm the server where the email address is hosted to cause a denial-of-service attack
  • D. A sudden spike of "Reply All" messages on an email distribution list, caused by one misdirected message


Answer : A

Volatile information can be easily modified or lost when the system is shut down or rebooted. It helps to determine a logical timeline of the security incident and the users who would be responsible.

  • A. True
  • B. False


Answer : A

A steganographic file system is a method to store the files in a way that encrypts and hides the data without the knowledge of others.

  • A. True
  • B. False


Answer : A

Which device in a wireless local area network (WLAN) determines the next network point to which a packet should be forwarded toward its destination?

  • A. Wireless router
  • B. Wireless modem
  • C. Antenna
  • D. Mobile station


Answer : A

Data acquisition is the process of imaging or otherwise obtaining information from a digital device and its peripheral equipment and media.

  • A. True
  • B. False


Answer : A

LBA (Logical Block Address) addresses data by allotting a ___________ to each sector of the hard disk.

  • A. Sequential number
  • B. Index number
  • C. Operating system number
  • D. Sector number


Answer : A
