Last Updated on July 22, 2021 by InfraExam
312-49 : Computer Hacking Forensic Investigator : Part 24
Which of the following examinations refers to the process of providing the opposing side in a trial the opportunity to question a witness?
- Cross Examination
- Direct Examination
- Indirect Examination
- Witness Examination
Pick the statement which does not belong to the Rule 804. Hearsay Exceptions; Declarant Unavailable.
- Statement of personal or family history
- Prior statement by witness
- Statement against interest
- Statement under belief of impending death
Which of the following is a responsibility of the first responder?
- Determine the severity of the incident
- Collect as much information about the incident as possible
- Share the collected information to determine the root cause
- Document the findings
NTFS sets a flag for the file once you encrypt it and creates an EFS attribute where it stores Data Decryption Field (DDF) and Data Recovery Field (DDR). Which of the following is not a part of DDF?
- Encrypted FEK
- EFS Certificate Hash
- Container Name
If the partition size is 4 GB, each cluster will be 32 K. Even if a file needs only 10 K, the entire 32 K will be allocated, resulting in 22 K of ________.
- Slack space
- Deleted space
- Sector space
- Cluster space
After suspecting a change in MS-Exchange Server storage archive, the investigator has analyzed it. Which of the following components is not an actual part of the archive?
Which of the following is a non-zero data that an application allocates on a hard disk cluster in systems running on Windows OS?
- Sparse File
- Master File Table
- Meta Block Group
- Slack Space
Which of the following is a tool to reset Windows admin password?
- Windows Password Recovery Bootdisk
- Windows Data Recovery Software
- TestDisk for Windows
Ron, a computer forensics expert, is investigating a case involving corporate espionage. He has recovered several mobile computing devices from the crime scene. One of the evidence that Ron possesses is a mobile phone from Nokia that was left in ON condition. Ron needs to recover the IMEI number of the device to establish the identity of the device owner. Which of the following key combinations can he use to recover the IMEI number?
Select the data that a virtual memory would store in a Windows-based system.
- Information or metadata of the files
- Documents and other files
- Application data
- Running processes
Which of the following does not describe the type of data density on a hard disk?
- Volume density
- Track density
- Linear or recording density
- Areal density
Amelia has got an email from a well-reputed company stating in the subject line that she has won a prize money, whereas the email body says that she has to pay a certain amount for being eligible for the contest. Which of the following acts does the email breach?
- CAN-SPAM Act
Which principle states that “anyone or anything, entering a crime scene takes something of the scene with them, and leaves something of themselves behind when they leave”?
- Locard’s Exchange Principle
- Enterprise Theory of Investigation
- Locard’s Evidence Principle
- Evidence Theory of Investigation
During an investigation, Noel found the following SIM card from the suspect’s mobile. What does the code 89 44 represent?
- Issuer Identifier Number and TAC
- Industry Identifier and Country code
- Individual Account Identification Number and Country Code
- TAC and Industry Identifier
Which of the following file system uses Master File Table (MFT) database to store information about every file and directory on a volume?
- FAT File System
- NTFS File System
As a part of the investigation, Caroline, a forensic expert, was assigned the task to examine the transaction logs pertaining to a database named Transfers. She used SQL Server Management Studio to collect the active transaction log files of the database. Caroline wants to extract detailed information on the logs, including AllocUnitId, page id, slot id, etc. Which of the following commands does she need to execute in order to extract the desired information?
- DBCC LOG(Transfers, 1)
- DBCC LOG(Transfers, 3)
- DBCC LOG(Transfers, 0)
- DBCC LOG(Transfers, 2)
%3cscript%3ealert(”XXXXXXXX”)%3c/script%3e is a script obtained from a Cross-Site Scripting attack. What type of encoding has the attacker employed?
- Double encoding
- Hex encoding
Which of the following is a device monitoring tool?
- Driver Detective
- RAM Capturer
What system details can an investigator obtain from the NetBIOS name table cache?
- List of files opened on other systems
- List of the system present on a router
- List of connections made to other systems
- List of files shared between the connected systems
While analyzing a hard disk, the investigator finds that the file system does not use UEFI-based interface. Which of the following operating systems is present on the hard disk?
- Windows 10
- Windows 8
- Windows 7
- Windows 8.1