1. Home
  2. EC-COUNCIL
  3. 312-49V10

EC-COUNCIL 312-49V10 Online Practice Questions and Exam Preparation

312-49V10 Exam Details

  • Exam Code
    :312-49V10
  • Exam Name
    :EC-Council Certified Computer Hacking Forensic Investigator (V10)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :1028 Q&As
  • Last Updated
    :May 31, 2026

EC-COUNCIL 312-49V10 Online Questions & Answers

  • Question 891:

    An investigator seized a notebook device installed with a Microsoft Windows OS. Which type of files would support an investigation of the data size and structure in the device?

    A. APFS and HFS
    B. Ext2 and Ext4
    C. HFS and GNUC
    D. NTFS and FAT

  • Question 892:

    Which code does the FAT file system use to mark the file as deleted?

    A. ESH
    B. 5EH
    C. H5E
    D. E5H

  • Question 893:

    When investigating a Windows System, it is important to view the contents of the page or swap file because:

    A. Windows stores all of the systems configuration information in this file
    B. This is file that windows use to communicate directly with Registry
    C. A Large volume of data can exist within the swap file of which the computer user has no knowledge
    D. This is the file that windows use to store the history of the last 100 commands that were run from the command line

  • Question 894:

    When a file is deleted by Windows Explorer or through the MS-DOS delete command, the operating system inserts _______________ in the first letter position of the filename in the FAT database.

    A. A Capital X
    B. A Blank Space
    C. The Underscore Symbol
    D. The lowercase Greek Letter Sigma (s)

  • Question 895:

    What happens to the header of the file once it is deleted from the Windows OS file systems?

    A. The OS replaces the entire hex byte coding of the file
    B. The hex byte coding of the file remains the same, but the file location differs
    C. The OS replaces the second letter of a deleted file name with a hex byte code: Eh5
    D. The OS replaces the first letter of a deleted file name with a hex byte code: E5h

  • Question 896:

    This type of testimony is presented by someone who does the actual fieldwork and does not offer a view in court.

    A. Civil litigation testimony
    B. Expert testimony
    C. Victim advocate testimony
    D. Technical testimony

  • Question 897:

    Which part of the Windows Registry contains the user's password file?

    A. HKEY_LOCAL_MACHINE
    B. HKEY_CURRENT_CONFIGURATION
    C. HKEY_USER
    D. HKEY_CURRENT_USER

  • Question 898:

    During a computer hacking forensic investigation, an investigator is tasked with acquiring volatile data from a live Linux system with limited physical access. Which methodology would be the most suitable for this scenario?

    A. Using Belkasoft Live RAM Capturer to extract the entire contents of the computer's volatile memory
    B. Performing remote acquisition of volatile data from a Linux machine using dd and netcat
    C. Using the fmem module and dd command locally to access the RAM and acquire its content directly
    D. Performing local acquisition of RAM using the LiME tool

  • Question 899:

    A cybersecurity investigator has identified a potential incident of hidden information in a file. The investigator uses Autopsy's Extension Mismatch Detector Module to look for file extension mismatches. While examining the module's output, which of the following information should be mainly considered to verify the potential incident?

    A. The file's size
    B. The first 20 bytes of the file
    C. The file's timestamp
    D. The last 20 bytes of the file

  • Question 900:

    Which of the following applications will allow a forensic investigator to track the user login sessions and user transactions that have occurred on an MS SQL Server?

    A. Event Log Explorer
    B. ApexSQL Audit
    C. Notepad++
    D. netcat

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-49V10 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.