ECCouncil 312-49v10 Practice Test - Questions Answers, Page 38

Adam, a forensic investigator, is investigating an attack on Microsoft Exchange Server of a large organization. As the first step of the investigation, he examined the PRIV.EDB file and found the source from where the mail originated and the name of the file that disappeared upon execution.

Now, he wants to examine the MIME stream content. Which of the following files is he going to examine?

Stephen is checking an image using Compare Files by The Wizard, and he sees the file signature is shown as FF D8 FF E1. What is the file type of the image?

Which of the following tools will help the investigator to analyze web server logs?

Which of the following files gives information about the client sync sessions in Google Drive on Windows?

Which among the following is an act passed by the U.S. Congress in 2002 to protect investors from the possibility of fraudulent accounting activities by corporations?

Richard is extracting volatile data from a system and uses the command doskey/history. What is he trying to extract?

Jacky encrypts her documents using a password. It is known that she uses her daughter's year of birth as part of the password. Which password cracking technique would be optimal to crack her password?

Which of the following tool can the investigator use to analyze the network to detect Trojan activities?

When a user deletes a file or folder, the system stores complete path including the original filename is a special hidden file called "INFO2" in the Recycled folder. If the INFO2 file is deleted, it is recovered when you ______________________.