Exam Details

  • Exam Code: EC1-349
  • Exam Name: Computer Hacking Forensic Investigator Exam
  • Certification: CHFI
  • Vendor: EC-COUNCIL
  • Total Questions: 486 Q&As
  • Last Updated: May 14, 2024

EC-COUNCIL CHFI EC1-349 Questions & Answers

  • Question 471:

    Under confession, an accused criminal admitted to encrypting child pornography pictures and then hiding them within other pictures. What technique did the accused criminal employ?

    A. Typography

    B. Steganalysis

    C. Picture encoding

    D. Steganography

  • Question 472:

    What does the acronym POST mean as it relates to a PC?

    A. Power On Self Test

    B. Pre Operational Situation Test

    C. Primary Operating System Test

    D. Primary Operations Short Test

  • Question 473:

    When examining a file with a Hex Editor, what space does the file header occupy?

    A. The first several bytes of the file

    B. One byte at the beginning of the file

    C. None, file headers are contained in the FAT

    D. The last several bytes of the file

  • Question 474:

    Why should you never power on a computer that you need to acquire digital evidence from?

    A. When the computer boots up, files are written to the computer rendering the data "unclean"

    B. When the computer boots up, the system cache is cleared which could destroy evidence

    C. When the computer boots up, data in the memory buffer is cleared which could destroy evidence

    D. Powering on a computer has no effect when needing to acquire digital evidence from it

  • Question 475:

    What feature of Decryption Collection allows an investigator to crack a password as quickly as possible?

    A. Cracks every password in 10 minutes

    B. Distribute processing over 16 or fewer computers

    C. Support for Encrypted File System

    D. Support for MD5 hash verification

  • Question 476:

    Which is a standard procedure to perform during all computer forensics investigations?

    A. With the hard drive in the suspect PC, check the date and time in the system CMOS

    B. With the hard drive removed from the suspect PC, check the date and time in the system CMOS

    C. With the hard drive in the suspect PC, check the date and time in the File Allocation Table

    D. With the hard drive removed from the suspect PC, check the date and time in the system RAM

  • Question 477:

    The offset in a hexadecimal code is:

    A. The 0x at the beginning of the code

    B. The 0x at the end of the code

    C. The first byte after the colon

    D. The last byte after the colon

  • Question 478:

    How often must a company keep log files for them to be admissible in a court of law?

    A. All log files are admissible in court no matter their frequency

    B. Weekly

    C. Monthly

    D. Continuously

  • Question 479:

    What technique used by EnCase makes it virtually impossible to tamper with evidence once it has been acquired?

    A. Every byte of the file(s) is given an MD5 hash to match against a master file

    B. Every byte of the file(s) is verified using 32-bit CRC

    C. Every byte of the file(s) is copied to three different hard drives

    D. Every byte of the file(s) is encrypted using three different methods

  • Question 480:

    When making the preliminary investigations in a sexual harassment case, how many investigators is it recommended that you have?

    A. One

    B. Two

    C. Three

    D. Four

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them when you apply for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only EC-COUNCIL exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your EC1-349 exam preparation and EC-COUNCIL certification application, do not hesitate to visit Vcedump.com to find your solutions.