ECCouncil 312-49v10 Practice Test - Questions Answers, Page 39

Which of the following tool enables data acquisition and duplication?

What does 254 represent in ICCID 89254021520014515744?

Shane has started the static analysis of a malware and is using the tool ResourcesExtract to find more details of the malicious program. What part of the analysis is he performing?

A master boot record (MBR) is the first sector ("sector zero") of a data storage device. What is the size of MBR?

Which password cracking technique uses every possible combination of character sets?

Which of the following Event Correlation Approach is an advanced correlation method that assumes and predicts what an attacker can do next after the attack by studying the statistics and probability and uses only two variables?

NTFS has reduced slack space than FAT, thus having lesser potential to hide data in the slack space.

This is because:

Smith, as a part his forensic investigation assignment, seized a mobile device. He was asked to recover the Subscriber Identity Module (SIM card) data in the mobile device. Smith found that the SIM was protected by a Personal Identification Number (PIN) code, but he was also aware that people generally leave the PIN numbers to the defaults or use easily guessable numbers such as 1234. He made three unsuccessful attempts, which blocked the SIM card. What can Jason do in this scenario to reset the PIN and access SIM data?

Which of the following data structures stores attributes of a process, as well as pointers to other attributes and data structures?