312-49v11 Exam Free Question Set: "EC-COUNCIL Computer Hacking Forensic Investigator (CHFI-v11) Certification"

Which of the following forensic tools allows an investigator to detect and extract hidden streams on an NTFS drive?

Ron, a computer forensics expert, is investigating a case involving corporate espionage. He has recovered several mobile computing devices from the crime scene. One of the pieces of evidence that Ron possesses is a mobile phone from Nokia that was left in the on condition. Ron needs to recover the IMEI number of the device to establish the identity of the device owner. Which of the following key combinations can he use to recover the IMEI number?

What is one method of bypassing a system BIOS password?

A digital forensics investigator is analyzing the memory dump from a suspicious computer using the Bulk Extractor tool. He found a domain associated with Gmail (mail.google.com) and an associated Gmail ID. From the json.txt file, he discovered an email composed from the browser with an attachment. He also found an opened email with a different attachment in the memory dump. After identifying these items, what should be the investigator's next immediate step?

Which of the following is a database in which information about every file and directory on an NT File System (NTFS) volume is stored?

A company is investigating an issue with one of their Windows servers that fails to boot up. The IT forensics team is called upon to determine the cause of the issue. According to the standard Windows Boot Process (BIOS-MBR method), what is the likely issue if the system fails right after the BIOS completes the power-on self-test (POST) and before the master boot record (MBR) is loaded?

Which tool does the investigator use to extract artifacts left by Google Drive on the system?

When investigating a system, the forensics analyst discovers that malicious scripts were injected into benign and trusted websites. The attacker used a web application to send malicious code, in the form of a browser-side script, to a different end user. What attack was performed here?

Jeff is a forensics investigator for a government agency's cyber security office. Jeff is tasked with acquiring a memory dump of a Windows 10 computer that was involved in a DDoS attack on the government agency's web application. Jeff is onsite to collect the memory. What tool could Jeff use?

A large multinational corporation suspects an internal breach of its data center and hires a forensic investigator. The investigator is required to conduct a search on the emails of an employee who is a US citizen, believed to be communicating classified information with a foreign entity. The forensic investigator, while respecting international laws and US privacy laws, should:

Wireless network discovery tools use two different methodologies to detect, monitor and log a WLAN device (i.e. active scanning and passive scanning). Active scanning methodology involves ____________ and waiting for responses from available wireless networks.

Simona has written a regular expression for the detection of web application-specific attack attempts that reads as /((\%3C)|<)((\%2F)|\/)*[a-z0-9\%]+((\%3E)|>)/ix.
Which of the following does the part ((\%3E)|>) look for?

The objective of this act was to protect consumers' personal financial information held by financial institutions and their service providers.

Your organization is implementing a new database system and has chosen MySQL due to its pluggable storage engine capability and ability to handle parallel write operations securely. You are responsible for selecting the best-suited storage engine for your company's needs, which predominantly involves transactional processing, crash recovery, and high data consistency requirements. What would be the most appropriate choice?

Which of the following processes is part of the dynamic malware analysis?

Which of the following Linux commands searches through the current processes and lists the process IDs that match the selection criteria to stdout?

An on-site incident response team is called to investigate an alleged case of computer tampering within their company. Before proceeding with the investigation, the CEO informs them that the incident will be classified as low level. How long will the team have to respond to the incident?

Computer security logs contain information about the events occurring within an organization's systems and networks. Which of the following security logs contains logs of network and host-based security software?

What technique used by EnCase makes it virtually impossible to tamper with evidence once it has been acquired?

If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investigation, what can you conclude?