312-49V10 Exam Details

  • Exam Code: 312-49V10
  • Exam Name: EC-Council Certified Computer Hacking Forensic Investigator (V10)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 1028 Q&As
  • Last Updated: May 31, 2026

EC-COUNCIL 312-49V10 Online Questions & Answers

  • Question 611:

    Which of the following forensic tools allows an investigator to detect and extract hidden streams on an NTFS drive?

    A. Autopsy
    B. TimeStomp
    C. analyzeMFT
    D. Stream Detector

  • Question 612:

    Harold is a security analyst who has just run the rdisk /s command to grab the backup SAM file on a computer. Where should Harold navigate on the computer to find the file?

    A. %systemroot%\LSA
    B. %systemroot%\system32\drivers\etc
    C. %systemroot%\repair
    D. %systemroot%\system32\LSA

  • Question 613:

    A forensic investigator is performing malware analysis of a newly discovered executable suspected to be originating from a Dark Web marketplace. The investigator documents the key features, system status, and details of the forensic investigation tools, as part of the general rules for malware analysis. After an initial static analysis, the investigator prepares to move to dynamic analysis.

    In this context, which of the following considerations is crucial before the investigator proceeds with dynamic analysis?

    A. Document the behavior of the malware during its installation and execution
    B. Analyze the malware using a disassembler like IDA Pro for dynamic analysis
    C. Execute the malware on the primary system to understand its impact on the system resources
    D. Use sandboxes or virtual machines to contain and analyze the malware

  • Question 614:

    During the course of an investigation, you locate evidence that may prove the innocence of the suspect of the investigation. You must maintain an unbiased opinion and be objective in your entire fact-finding process. Therefore, you report this evidence. This type of evidence is known as:

    A. Inculpatory evidence
    B. Mandatory evidence
    C. Exculpatory evidence
    D. Terrible evidence

  • Question 615:

    Data Acquisition is the process of imaging or otherwise obtaining information from a digital device and its peripheral equipment and media.

    A. True
    B. False

  • Question 616:

    What does 254 represent in ICCID 89254021520014515744?

    A. Industry Identifier Prefix
    B. Country Code
    C. Individual Account Identification Number
    D. Issuer Identifier Number

  • Question 617:

    POP3 is an Internet protocol, which is used to retrieve emails from a mail server. Through which port does an email client connect with a POP3 server?

    A. 110
    B. 143
    C. 25
    D. 993

  • Question 618:

    Which of the following reports are delivered under oath to a board of directors/managers/panel of jury?

    A. Written Informal Report
    B. Verbal Formal Report
    C. Written Formal Report
    D. Verbal Informal Report

  • Question 619:

    An investigator is conducting a forensic analysis on a Windows machine suspected of accessing the Dark Web. The investigator has found Tor browser artifacts, but the Tor browser has been uninstalled. Which of the following steps should the investigator take next to obtain more information on the user's activities?

    A. Use the netstat -ano command to check the active network connections
    B. Check the prefetch files using a tool such as WinPrefetchView
    C. Look for the 'State' file in the \Tor Browser\Browser\TorBrowser\Data\Tor\ directory
    D. Examine the registry key: HKEY_USERS\\SOFTWARE\Mozilla\Firefox\Launcher for path information

  • Question 620:

    If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investigation, what can you conclude?

    A. The system has been compromised using a t0rn rootkit
    B. The system administrator has created an incremental backup
    C. The system files have been copied by a remote attacker
    D. Nothing in particular as these can be operational files
