1. Home
  2. EC-COUNCIL
  3. 312-49

EC-COUNCIL 312-49 Online Practice Questions and Exam Preparation

312-49 Exam Details

  • Exam Code
    :312-49
  • Exam Name
    :ECCouncil Computer Hacking Forensic Investigator (V9)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :531 Q&As
  • Last Updated
    :May 28, 2026

EC-COUNCIL 312-49 Online Questions & Answers

  • Question 151:

    Which of the following files stores information about local Dropbox installation and account, email IDs linked with the account, current version/build for the local application, the host_id, and local path information?

    A. host.db
    B. sigstore.db
    C. config.db
    D. filecache.db

  • Question 152:

    Which of the following tasks DOES NOT come under the investigation phase of a cybercrime forensics investigation case?

    A. Data collection
    B. Secure the evidence
    C. First response
    D. Data analysis

  • Question 153:

    In a Linux-based system, what does the command "Last -F" display?

    A. Login and logout times and dates of the system
    B. Last run processes
    C. Last functions performed
    D. Recently opened files

  • Question 154:

    The investigator wants to examine changes made to the system's registry by the suspect program. Which of the following tool can help the investigator?

    A. TRIPWIRE
    B. RAM Capturer
    C. Regshot
    D. What's Running

  • Question 155:

    What hashing method is used to password protect Blackberry devices?

    A. AES
    B. RC5
    C. MD5
    D. SHA-1

  • Question 156:

    When needing to search for a website that is no longer present on the Internet today but was online few years back, what site can be used to view the website collection of pages?

    A. Proxify.net
    B. Dnsstuff.com
    C. Samspade.org
    D. Archive.org

  • Question 157:

    You are conducting an investigation of fraudulent claims in an insurance company that involves complex text searches through large numbers of documents. Which of the following tools would allow you to quickly and efficiently search for a string within a file on the bitmap image of the target computer?

    A. Stringsearch
    B. grep
    C. dir
    D. vim

  • Question 158:

    What must an attorney do first before you are called to testify as an expert?

    A. Qualify you as an expert witness
    B. Read your curriculum vitae to the jury
    C. Engage in damage control
    D. Prove that the tools you used to conduct your examination are perfect

  • Question 159:

    The offset in a hexadecimal code is:

    A. The last byte after the colon
    B. The 0x at the beginning of the code
    C. The 0x at the end of the code
    D. The first byte after the colon

  • Question 160:

    Which of the following reports are delivered under oath to a board of directors/managers/panel of the jury?

    A. Written Formal Report
    B. Verbal Formal Report
    C. Verbal Informal Report
    D. Written Informal Report

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-49 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.