312-49V10 Exam Details

  • Exam Code: 312-49V10
  • Exam Name: EC-Council Certified Computer Hacking Forensic Investigator (V10)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 1028 Q&As
  • Last Updated: May 31, 2026

EC-COUNCIL 312-49V10 Online Questions & Answers

  • Question 801:

    "No action taken by law enforcement agencies or their agents should change data held on a computer or storage media which may subsequently be relied upon in court" - this principle is advocated by which of the following?

    A. FBI Cyber Division
    B. Scientific Working Group on Imaging Technology (SWGIT)
    C. The Association of Chief Police Officers (ACPO) Principles of Digital Evidence
    D. Locard's exchange principle

  • Question 802:

    What method of copying should always be performed first before carrying out an investigation?

    A. Parity-bit copy
    B. Bit-stream copy
    C. MS-DOS disc copy
    D. System level copy

  • Question 803:

    When collecting evidence from the RAM, where do you look for data?

    A. Swap file
    B. SAM file
    C. Data file
    D. Log file

  • Question 804:

    UEFI is a specification that defines a software interface between an OS and platform firmware. Where does this interface store information about files present on a disk?

    A. BIOS-MBR
    B. GUID Partition Table (GPT)
    C. Master Boot Record (MBR)
    D. BIOS Parameter Block

  • Question 805:

    An investigator needs to perform data acquisition from storage media without altering its contents, to maintain the integrity of the content. The approach adopted by the investigator relies on enabling read-only access to the storage media.

    Which tool should the investigator integrate into his/her procedures to accomplish this task?

    A. Data duplication tool
    B. BitLocker
    C. Write blocker
    D. Backup tool

  • Question 806:

    An "idle" system is also referred to as what?

    A. PC not connected to the Internet
    B. PC not being used
    C. Zombie
    D. Bot

  • Question 807:

    Brian needs to acquire data from RAID storage. Which of the following acquisition methods is recommended to retrieve only the data relevant to the investigation?

    A. Static Acquisition
    B. Sparse or Logical Acquisition
    C. Bit-stream disk-to-disk Acquisition
    D. Bit-by-bit Acquisition

  • Question 808:

    Which of the following information is displayed when Netstat is used with the -ano switch?

    A. Ethernet statistics
    B. Contents of IP routing table
    C. Details of routing table
    D. Details of TCP and UDP connections

  • Question 809:

    If a PDA is seized in an investigation while the device is turned on, what would be the proper procedure?

    A. Keep the device powered on
    B. Turn off the device immediately
    C. Remove the battery immediately
    D. Remove any memory cards immediately

  • Question 810:

    Before performing a logical or physical search of a drive in EnCase, what must be added to the program?

    A. File signatures
    B. Keywords
    C. Hash sets
    D. Bookmarks

Tips on How to Prepare for the Exams

Certification exams are becoming more and more important and are required by more and more enterprises when you apply for a job. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result and find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only EC-COUNCIL exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are unsure about your 312-49V10 exam preparation or EC-COUNCIL certification application, do not hesitate to visit Vcedump.com to find your solutions.