You are a Computer Hacking Forensic Investigator (CHFI) investigating a case of suspected unauthorized system access. Your task is to analyze Windows 10 event logs to identify irregularities. The system in question uses non-wrapping event record organization. You discover that an unusual record, EVENT RECORD 2 (EVENTLOGRECORD), is missing from the log.
What could be the plausible explanation for this?
A. The missing event record indicates that the system audit policy was not configured to record the particular eventWhich of the following statements is true regarding SMTP Server?
A. SMTP Server breaks the recipient's address into Recipient's name and his/her designation before passing it to the DNS ServerWhat will the following Linux command accomplish? dd if=/dev/mem of=/home/sam/mem.bin bs=1024
A. Copy the master boot record to a fileEdgar is part of the FBI's forensic media and malware analysis team; he is analyzing a current malware and is conducting a thorough examination of the suspect system, network, and other connected devices. Edgar's approach is to execute the malware code to know how it interacts with the host system and its impacts on it. He is also using a virtual machine and a sandbox environment.
What type of malware analysis is Edgar performing?
A. VirusTotal analysisA file requires 10 KB space to be saved on a hard disk partition. An entire cluster of 32 KB has been allocated for this file. The remaining, unused space of 22 KB on this cluster will be identified as ____________.
A. Swap spaceJulia is a senior security analyst for Berber Consulting group. She is currently working on a contract for a small accounting firm in Florid a. They have given her permission to perform social engineering attacks on the company to see if their in-house training did any good. Julia calls the main number for the accounting firm and talks to the receptionist. Julia says that she is an IT technician from the company's main office in Iowa. She states that she needs the receptionist's network username and password to troubleshoot a problem they are having. Julia says that Bill Hammond, the CEO of the company, requested this information. After hearing the name of the CEO, the receptionist gave Julia all the information she asked for.
What principal of social engineering did Julia use?
A. Social ValidationThe IIS log file format is a fixed (cannot be customized) ASCII text-based format. The IIS format includes basic items, such as client IP address, user name, date and time, service and instance, server name and IP address, request type, target of operation, etc. Identify the service status code from the following IIS log.
192. 168.100.150, -, 03/6/11, 8:45:30, W3SVC2, SERVER, 172. 15. 10.30, 4210, 125, 3524, 100, 0, GET, /dollerlogo.gif,
A. W3SVC2You are working as a Computer forensics investigator for a corporation on a computer abuse case. You discover evidence that shows the subject of your investigation is also embezzling money from the company. The company CEO and the corporate legal counsel advise you to contact law enforcement and provide them with the evidence that you have found. The law enforcement officer that responds requests that you put a network sniffer on your network and monitor all traffic to the subject's computer. You inform the officer that you will not be able to comply with that request because doing so would:
A. Violate your contractWhat stage of the incident handling process involves reporting events?
A. ContainmentIn a scenario where a potential security incident has occurred on a cloud-based service, and an investigator is brought in to examine the system, what type of data acquisition would likely be beneficial in this situation? Also, explain the volatile data type that might be most interesting to the investigator.
A. Live acquisition should be employed to gather dynamic data from the system, concentrating on open les and command historyNowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-49V10 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.