312-49 : Computer Hacking Forensic Investigator : Part 23

Which of the following email headers specifies an address for mailer-generated errors, like “no such user” bounce messages, to go to (instead of the sender’s address)?
- Mime-Version header
- Content-Type header
- Content-Transfer-Encoding header
- Errors-To header
Jacob is a computer forensics investigator with over 10 years of experience in investigations and has written over 50 articles on computer forensics. He has been called upon as a qualified witness to testify the accuracy and integrity of the technical log files gathered in an investigation into computer fraud. What is the term used for Jacob’s testimony in this case?
- Certification
- Justification
- Reiteration
- Authentication
When a user deletes a file, the system creates a $I file to store its details. What detail does the $I file not contain?
- File Size
- File origin and modification
- Time and date of deletion
- File Name
Raw data acquisition format creates _________ of a data set or suspect drive.
- Segmented image files
- Simple sequential flat files
- Compressed image files
- Segmented files
CAN-SPAM act requires that you:
- Don’t use deceptive subject lines
- Don’t tell the recipients where you are located
- Don’t identify the message as an ad
- Don’t use true header information
Which of the following registry hive gives the configuration information about which application was used to open various files on the system?
- HKEY_CLASSES_ROOT
- HKEY_CURRENT_CONFIG
- HKEY_LOCAL_MACHINE
- HKEY_USERS
Select the tool appropriate for examining the dynamically linked libraries of an application or malware.
- DependencyWalker
- SysAnalyzer
- PEiD
- ResourcesExtract
Which among the following U.S. laws requires financial institutions—companies that offer consumers financial products or services such as loans, financial or investment advice, or insurance—to protect their customers’ information against security threats?
- SOX
- HIPAA
- GLBA
- FISMA
Which of the following application password cracking tool can discover all password-protected items on a computer and decrypts them?
- TestDisk for Windows
- R-Studio
- Windows Password Recovery Bootdisk
- Passware Kit Forensic
An investigator has found certain details after analysis of a mobile device. What can reveal the manufacturer information?
- Equipment Identity Register (EIR)
- Electronic Serial Number (ESN)
- International mobile subscriber identity (IMSI)
- Integrated circuit card identifier (ICCID)
Which command line tool is used to determine active network connections?
- netsh
- nbstat
- nslookup
- netstat
Which of the following processes is part of the dynamic malware analysis?
- Process Monitoring
- Malware disassembly
- Searching for the strings
- File fingerprinting
Investigators can use the Type Allocation Code (TAC) to find the model and origin of a mobile device. Where is TAC located in mobile devices?
- International Mobile Equipment Identifier (IMEI)
- Integrated circuit card identifier (ICCID)
- International mobile subscriber identity (IMSI)
- Equipment Identity Register (EIR)
What do you call the process in which an attacker uses magnetic field over the digital media device to delete any previously stored data?
- Disk deletion
- Disk cleaning
- Disk degaussing
- Disk magnetization
Which of the following tool can reverse machine code to assembly language?
- PEiD
- RAM Capturer
- IDA Pro
- Deep Log Analyzer
Which of the following file formats allows the user to compress the acquired data as well as keep it randomly accessible?
- Proprietary Format
- Generic Forensic Zip (gfzip)
- Advanced Forensic Framework 4
- Advanced Forensics Format (AFF)
What is the investigator trying to view by issuing the command displayed in the following screenshot?

312-49 Part 23 Q17 011
- List of services stopped
- List of services closed recently
- List of services recently started
- List of services installed
Which layer of iOS architecture should a forensics investigator evaluate to analyze services such as Threading, File Access, Preferences, Networking and high-level features?
- Core Services
- Media services
- Cocoa Touch
- Core OS
Which command can provide the investigators with details of all the loaded modules on a Linux-based system?
- list modules -a
- lsmod
- plist mod -a
- lsof -m
In a Linux-based system, what does the command “Last -F” display?
- Login and logout times and dates of the system
- Last run processes
- Last functions performed
- Recently opened files

312-49 : Computer Hacking Forensic Investigator : All Parts
312-49 Part 01	312-49 Part 08	312-49 Part 15	312-49 Part 22
312-49 Part 02	312-49 Part 09	312-49 Part 16	312-49 Part 23
312-49 Part 03	312-49 Part 10	312-49 Part 17	312-49 Part 24
312-49 Part 04	312-49 Part 11	312-49 Part 18	312-49 Part 25
312-49 Part 05	312-49 Part 12	312-49 Part 19	312-49 Part 26
312-49 Part 06	312-49 Part 13	312-49 Part 20	312-49 Part 27
312-49 Part 07	312-49 Part 14	312-49 Part 21

312-49 : Computer Hacking Forensic Investigator : All Parts
312-49 Part 01	312-49 Part 08	312-49 Part 15	312-49 Part 22
312-49 Part 02	312-49 Part 09	312-49 Part 16	312-49 Part 23
312-49 Part 03	312-49 Part 10	312-49 Part 17	312-49 Part 24
312-49 Part 04	312-49 Part 11	312-49 Part 18	312-49 Part 25
312-49 Part 05	312-49 Part 12	312-49 Part 19	312-49 Part 26
312-49 Part 06	312-49 Part 13	312-49 Part 20	312-49 Part 27
312-49 Part 07	312-49 Part 14	312-49 Part 21

312-49 : Computer Hacking Forensic Investigator : Part 23

Which of the following email headers specifies an address for mailer-generated errors, like “no such user” bounce messages, to go to (instead of the sender’s address)?

When a user deletes a file, the system creates a $I file to store its details. What detail does the $I file not contain?

Raw data acquisition format creates _________ of a data set or suspect drive.

CAN-SPAM act requires that you:

Which of the following registry hive gives the configuration information about which application was used to open various files on the system?

Select the tool appropriate for examining the dynamically linked libraries of an application or malware.

Which among the following U.S. laws requires financial institutions—companies that offer consumers financial products or services such as loans, financial or investment advice, or insurance—to protect their customers’ information against security threats?

Which of the following application password cracking tool can discover all password-protected items on a computer and decrypts them?

An investigator has found certain details after analysis of a mobile device. What can reveal the manufacturer information?

Which command line tool is used to determine active network connections?

Which of the following processes is part of the dynamic malware analysis?

Investigators can use the Type Allocation Code (TAC) to find the model and origin of a mobile device. Where is TAC located in mobile devices?

What do you call the process in which an attacker uses magnetic field over the digital media device to delete any previously stored data?

Which of the following tool can reverse machine code to assembly language?

Which of the following file formats allows the user to compress the acquired data as well as keep it randomly accessible?

What is the investigator trying to view by issuing the command displayed in the following screenshot?

Which layer of iOS architecture should a forensics investigator evaluate to analyze services such as Threading, File Access, Preferences, Networking and high-level features?

Which command can provide the investigators with details of all the loaded modules on a Linux-based system?

In a Linux-based system, what does the command “Last -F” display?