ECCouncil 312-49v10 Practice Test - Questions Answers, Page 42

Randy has extracted data from an old version of a Windows-based system and discovered info file Dc5.txt in the system recycle bin. What does the file name denote?

Sheila is a forensics trainee and is searching for hidden image files on a hard disk. She used a forensic investigation tool to view the media in hexadecimal code for simplifying the search process. Which of the following hex codes should she look for to identify image files?

Shane, a forensic specialist, is investigating an ongoing attack on a MySQL database server hosted on a Windows machine with SID "WIN-ABCDE12345F." Which of the following log file will help Shane in tracking all the client connections and activities performed on the database server?

What must an attorney do first before you are called to testify as an expert?

Gary is checking for the devices connected to USB ports of a suspect system during an investigation.

Select the appropriate tool that will help him document all the connected devices.

Which of the following is NOT a physical evidence?

During forensics investigations, investigators tend to collect the system time at first and compare it with UTC. What does the abbreviation UTC stand for?

Buffer overflow vulnerability of a web application occurs when it fails to guard its buffer properly and allows writing beyond its maximum size. Thus, it overwrites the_________. There are multiple forms of buffer overflow, including a Heap

Buffer Overflow and a Format String Attack.

Which of the following is a part of a Solid-State Drive (SSD)?