Exam Details

  • Exam Code: 412-79
  • Exam Name: EC-Council Certified Security Analyst (ECSA)
  • Certification: Certified Ethical Hacker
  • Vendor: EC-COUNCIL
  • Total Questions: 232 Q&As
  • Last Updated: May 08, 2024

EC-COUNCIL Certified Ethical Hacker 412-79 Questions & Answers

  • Question 11:

    What does mactime, an essential part of The Coroner's Toolkit, do?

    A. It traverses the file system and produces a listing of all files based on the modification, access and change timestamps

    B. It can recover deleted file space and search it for data. However, it does not allow the investigator to preview them

    C. The tool scans for i-node information, which is used by other tools in the tool kit

    D. It is a tool specific to the MAC OS and forms a core component of the toolkit

  • Question 12:

    The use of warning banners helps a company avoid litigation by overcoming an employee's assumed ____________ when connecting to the company's intranet, network or Virtual Private Network (VPN) and will allow the company's investigators to monitor, search and retrieve information stored within the network.

    A. Right to work

    B. Right of free speech

    C. Right to Internet Access

    D. Right of Privacy

  • Question 13:

    One way to identify the presence of hidden partitions on a suspect's hard drive is to:

    A. Add up the total size of all known partitions and compare it to the total size of the hard drive

    B. Examine the FAT and identify hidden partitions by noting an H in the partition Type field

    C. Examine the LILO and note an H in the partition Type field

    D. It is not possible to have hidden partitions on a hard drive

  • Question 14:

    Melanie was newly assigned to an investigation and asked to make a copy of all the evidence from the compromised system. Melanie did a DOS copy of all the files on the system. What would be the primary reason for you to recommend a disk imaging tool?

    A. A disk imaging tool would check for CRC32s for internal self checking and validation and have MD5 checksum

    B. Evidence file format will contain case data entered by the examiner and encrypted at the beginning of the evidence file

    C. A simple DOS copy will not include deleted files, file slack and other information

    D. There is no case for an imaging tool as it will use a closed, proprietary format that if compared to the original will not match up sector for sector

  • Question 15:

    What information do you need to recover when searching a victim's computer for a crime committed with a specific e-mail message?

    A. Internet service provider information

    B. E-mail header

    C. Username and password

    D. Firewall log

  • Question 16:

    The ____________________ refers to handing over the results of private investigations to the authorities because of indications of criminal activity.

    A. Locard Exchange Principle

    B. Clark Standard

    C. Kelly Policy

    D. Silver-Platter Doctrine

  • Question 17:

    This organization maintains a database of hash signatures for known software:

    A. International Standards Organization

    B. Institute of Electrical and Electronics Engineers

    C. National Software Reference Library

    D. American National Standards Institute

  • Question 18:

    One technique for hiding information is to change the file extension from the correct one to one that might not be noticed by an investigator. For example, changing a .jpg extension to a .doc extension so that a picture file appears to be a document. What can an investigator examine to verify that a file has the correct extension?

    A. the File Allocation Table

    B. the file header

    C. the file footer

    D. the sector map

  • Question 19:

    You are employed directly by an attorney to help investigate an alleged sexual harassment case at a large pharmaceutical manufacturer. While at the corporate office of the company, the CEO demands to know the status of the investigation. What prevents you from discussing the case with the CEO?

    A. the attorney-work-product rule

    B. Good manners

    C. Trade secrets

    D. ISO 17799

  • Question 20:

    ____________________ is simply the application of Computer Investigation and analysis techniques in the interests of determining potential legal evidence.

    A. Network Forensics

    B. Computer Forensics

    C. Incident Response

    D. Event Reaction
