1. Home
  2. EC-COUNCIL
  3. 312-49V10

EC-COUNCIL 312-49V10 Online Practice Questions and Exam Preparation

312-49V10 Exam Details

  • Exam Code
    :312-49V10
  • Exam Name
    :EC-Council Certified Computer Hacking Forensic Investigator (V10)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :1028 Q&As
  • Last Updated
    :May 31, 2026

EC-COUNCIL 312-49V10 Online Questions & Answers

  • Question 261:

    A forensics investigator needs to copy data from a computer to some type of removable media so he can examine the information at another location. The problem is that the data is around 42GB in size. What type of removable media could the investigator use?

    A. Blu-Ray single-layer
    B. HD-DVD
    C. Blu-Ray dual-layer
    D. DVD-18

  • Question 262:

    In what way do the procedures for dealing with evidence in a criminal case differ from the procedures for dealing with evidence in a civil case?

    A. evidence must be handled in the same way regardless of the type of case
    B. evidence procedures are not important unless you work for a law enforcement agency
    C. evidence in a criminal case must be secured more tightly than in a civil case
    D. evidence in a civil case must be secured more tightly than in a criminal case

  • Question 263:

    A swap file is a space on a hard disk used as the virtual memory extension of a computer's RAM. Where is the hidden swap file in Windows located?

    A. C:\pagefile.sys
    B. C:\hiberfil.sys
    C. C:\config.sys
    D. C:\ALCSetup.log

  • Question 264:

    What does the bytes 0x0B-0x53 represent in the boot sector of NTFS volume on Windows 2000?

    A. Jump instruction and the OEM ID
    B. BIOS Parameter Block (BPB) and the OEM ID
    C. BIOS Parameter Block (BPB) and the extended BPB
    D. Bootstrap code and the end of the sector marker

  • Question 265:

    Investigators can use the Type Allocation Code (TAC) to find the model and origin of a mobile device. Where is TAC located in mobile devices?

    A. International Mobile Equipment Identifier (IMEI)
    B. Integrated circuit card identifier (ICCID)
    C. International mobile subscriber identity (IMSI)
    D. Equipment Identity Register (EIR)

  • Question 266:

    Which of the following Registry components include offsets to other cells as well as the LastWrite time for the key?

    A. Value list cell
    B. Value cell
    C. Key cell
    D. Security descriptor cell

  • Question 267:

    Jack Smith is a forensics investigator who works for Mason Computer Investigation Services. He is investigating a computer that was infected by Ramen Virus.

    He runs the netstat command on the machine to see its current connections. In the following screenshot, what do the 0.0.0.0 IP addresses signify?

    A. Those connections are established
    B. Those connections are in listening mode
    C. Those connections are in closed/waiting mode
    D. Those connections are in timed out/waiting mode

  • Question 268:

    Data is striped at a byte level across multiple drives and parity information is distributed among all member drives.

    What RAID level is represented here?

    A. RAID Level0
    B. RAID Level 1
    C. RAID Level 3
    D. RAID Level 5

  • Question 269:

    The disk in the disk drive rotates at high speed, and heads in the disk drive are used only to read data.

    A. True
    B. False

  • Question 270:

    A Computer Hacking Forensics Investigator (CHFI) is working on a case involving an encrypted file from a user profile that was deleted. The investigator knows that the file was encrypted using the Encrypted File System (EFS) on a Windows operating system. The system is still bootable, but the original user profile is gone, and the system administrator has reset the account password.

    What would be the most suitable tool to recover this EFS-encrypted file?

    A. Shredlt, a disk wiping utility tool
    B. VeraCrypt, a widely used tool in anti-forensics encryption
    C. AnalyzeMFT, a tool for examining MACE times in NTFS file systems
    D. Advanced EFS Data Recovery, a tool for decrypting protected files

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-49V10 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.