312-49 Exam Details

  • Exam Code: 312-49
  • Exam Name: ECCouncil Computer Hacking Forensic Investigator (V9)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 531 Q&As
  • Last Updated: May 28, 2026

EC-COUNCIL 312-49 Online Questions & Answers

  • Question 251:

    A forensic examiner is examining a Windows system seized from a crime scene. While examining a suspect file, he discovered that the file is password protected. He tried guessing the password using the suspect's available information, but without success. Which of the following tools can help the investigator solve this issue?

    A. Cain and Abel
    B. Xplico
    C. Recuva
    D. Colasoft's Capsa

  • Question 252:

    If you discover a criminal act while investigating a corporate policy abuse, it becomes a public-sector investigation and should be referred to law enforcement?

    A. true
    B. false

  • Question 253:

    In which registry does the system store the Microsoft security IDs?

    A. HKEY_CLASSES_ROOT (HKCR)
    B. HKEY_CURRENT_CONFIG (HKCC)
    C. HKEY_CURRENT_USER (HKCU)
    D. HKEY_LOCAL_MACHINE (HKLM)

  • Question 254:

    When you carve an image, recovering the image depends on which of the following skills?

    A. Recognizing the pattern of the header content
    B. Recovering the image from a tape backup
    C. Recognizing the pattern of a corrupt file
    D. Recovering the image from the tape backup

  • Question 255:

    Which list contains the most recent actions performed by a Windows User?

    A. MRU
    B. Activity
    C. Recents
    D. Windows Error Log

  • Question 256:

    The following is a log file screenshot from a default installation of IIS 6.0.

    What time standard is used by IIS as seen in the screenshot?

    A. UTC
    B. GMT
    C. TAI
    D. UT

  • Question 257:

    Which response organization tracks hoaxes as well as viruses?

    A. NIPC
    B. FEDCIRC
    C. CERT
    D. CIAC

  • Question 258:

    When using Windows acquisition tools to acquire digital evidence, it is important to use a well-tested hardware write-blocking device to:

    A. Automate Collection from image files
    B. Avoid copying data from the boot partition
    C. Acquire data from host-protected area on a disk
    D. Prevent Contamination to the evidence drive

  • Question 259:

    What is the investigator trying to view by issuing the command displayed in the following screenshot?

    A. List of services stopped
    B. List of services closed recently
    C. List of services recently started
    D. List of services installed

  • Question 260:

    You have completed a forensic investigation case. You would like to destroy the data contained in various disks at the forensics lab due to the sensitivity of the case. How would you permanently erase the data on the hard disk?

    A. Throw the hard disk into the fire
    B. Run the powerful magnets over the hard disk
    C. Format the hard disk multiple times using a low level disk utility
    D. Overwrite the contents of the hard disk with Junk data
