ECCouncil Computer Hacking Forensic Investigator (V9) Exam
Question No : 1
An investigator is searching through the firewall logs of a company and notices ICMP packets that are larger than 65,536 bytes.
What type of activity is the investigator seeing?
Question No : 2
The efforts to obtain information before a trial by demanding documents, depositions, questions and answers written under oath, written requests for admissions of fact, and examination of the scene is a description of what legal term?
Question No : 3
You are working in the Security Department of a law firm. One of the attorneys asks you about the topic of sending fake email because he has a client who has been charged with doing just that. His client alleges that he is innocent and that there is no way for a fake email to actually be sent. You inform the attorney that his client is mistaken and that fake email is a possibility and that you can prove it. You return to your desk and craft a fake email to the attorney that appears to come from his boss.
What port do you send the email to on the company SMTP server?
Question No : 4
When marking evidence that has been collected with the aa/ddmmyy/nnnn/zz format, what does the nnnn denote?
Question No : 5
If you are concerned about a high level of compression but not concerned about any possible data loss, what type of compression would you use?
Question No : 6
When performing a forensics analysis, what device is used to prevent the system from recording data on an evidence disk?
Question No : 7
What type of equipment would a forensics investigator store in a StrongHold bag?
Question No : 8
When investigating a network that uses DHCP to assign IP addresses, where would you look to determine which system (MAC address) had a specific IP address at a specific time?
Question No : 9
When making the preliminary investigations in a sexual harassment case, how many investigators is it recommended that you have?
Question No : 10
What layer of the OSI model do TCP and UDP utilize?
Question No : 11
With regard to using an antivirus scanner during a computer forensics investigation, you should:
Question No : 12
You have been asked to investigate the possibility of computer fraud in the finance department of a company. It is suspected that a staff member has been committing finance fraud by printing cheques that have not been authorized. You have exhaustively searched all data files on a bitmap image of the target computer, but have found no evidence. You suspect the files may not have been saved.
What should you examine next in this case?
Question No : 13
What hashing method is used to password protect Blackberry devices?
Topic 2, Exam Set B
Question No : 14
If a PDA is seized in an investigation while the device is turned on, what would be the proper procedure?
Question No : 15
BMP (Bitmap) is a standard file format for computers running the Windows operating system. BMP images can range from black and white (1 bit per pixel) up to 24-bit color (16.7 million colors). Each bitmap file contains a header, the RGBQUAD array, an information header, and image data.
Which of the following elements specifies the dimensions, compression type, and color format for the bitmap?