Katy Morgan

Introduction to EC-Council Computer Hacking Forensic Investigator (CHFI) Exam

The EC-Council 312-49 exam is challenging, and thorough preparation is essential for success. This exam study guide is designed to help you prepare for the CHFI certification exam. It contains a detailed list of the topics covered on the Professional exam, as well as a detailed list of preparation resources. This study guide for the EC-Council Computer Hacking Forensic Investigator will help guide you through the study process for your certification.



312-49 EC-Council Computer Hacking Forensic Investigator Exam Summary


Exam Name: EC-Council Computer Hacking Forensic Investigator (CHFI)

Exam Code: 312-49

Exam Price: $500 (USD)

Duration: 240 mins

Number of Questions: 150

Passing Score: 70%

Reference Books: Courseware

Schedule Exam: Pearson VUE


Exam Syllabus: 312-49 EC-Council Computer Hacking Forensic Investigator (CHFI)


1. Computer Forensics in Today’s World

2. Computer Forensics Investigation Process

3. Understanding Hard Disks and File Systems

4. Operating System Forensics

5. Defeating Anti-Forensics Techniques

6. Data Acquisition and Duplication

7. Network Forensics

8. Investigating Web Attacks

9. Database Forensics

10. Cloud Forensics

11. Malware Forensics

12. Investigating Email Crimes

13. Mobile Forensics

14. Investigative Reports


EC-Council 312-49 Certification Sample Questions and Answers


To make you familiar with the EC-Council Computer Hacking Forensic Investigator (312-49) certification exam structure, we have prepared this sample question set. We suggest you try our Sample Questions for CHFI v9 312-49 Certification to test your understanding of the EC-Council 312-49 process in a real EC-Council certification exam environment.


312-49 EC-Council Computer Hacking Forensic Investigator Sample Questions:


01. Syslog is a client/server protocol standard for forwarding log messages across an IP network. Syslog uses ___________ to transfer log messages in a clear text format.


a) TCP

b) FTP

c) SMTP

d) POP

Answer: a


02. What is the first step required in preparing a computer for forensics investigation?


a) Do not turn the computer off or on, run any programs, or attempt to access data on a computer

b) Secure any relevant media

c) Suspend automated document destruction and recycling policies that may pertain to any relevant media or users at issue

d) Identify the type of data you are seeking, the information you are looking for, and the urgency level of the examination

Answer: a


03. A forensic investigator is a person who handles the complete investigation process, that is, the preservation, identification, extraction, and documentation of the evidence. The investigator has many roles and responsibilities relating to cybercrime analysis. The role of the forensic investigator is to:


a) Take permission from all employees of the organization for investigation

b) Harden organization network security

c) Create an image backup of the original evidence without tampering with potential evidence

d) Keep the evidence highly confidential and hide the evidence from law enforcement agencies

Answer: c


04. File deletion is a way of removing a file from a computer's file system. What happens when a file is deleted in Windows 7?


a) The last letter of a file name is replaced by a hex byte code E5h

b) The operating system marks the file's name in the MFT with a special character that indicates that the file has been deleted

c) Corresponding clusters in FAT are marked as used

d) The computer looks at the clusters occupied by that file and does not avail space to store a new file

Answer: b


05. BMP (Bitmap) is a standard file format for computers running the Windows operating system. BMP images can range from black and white (1 bit per pixel) up to 24-bit color (16.7 million colors). Each bitmap file contains a header, the RGBQUAD array, an information header, and image data. Which of the following elements specifies the dimensions, compression type, and color format for the bitmap?


a) Header

b) The RGBQUAD array

c) Information header

d) Image data

Answer: b


06. When collecting evidence from the RAM, where do you look for data?


a) Swap file

b) SAM file

c) Data file

d) Log file

Answer: a


07. Depending upon the jurisdictional areas, different laws apply to different incidents. Which of the following laws is related to fraud and related activity in connection with computers?


a) 18 USC 7029

b) 18 USC 7030

c) 18 USC 7361

d) 18 USC 7371

Answer: b


08. LBA (Logical Block Address) addresses data by allotting a ___________ to each sector of the hard disk.


a) Sequential number

b) Index number

c) Operating system number

d) Sector number

Answer: a


09. How do you define Technical Steganography?


a) Steganography that uses physical or chemical means to hide the existence of a message

b) Steganography that utilizes written natural language to hide the message in the carrier in some non-obvious ways

c) Steganography that utilizes written JAVA language to hide the message in the carrier in some non-obvious ways

d) Steganography that utilizes visual symbols or signs to hide secret messages

Answer: a


10. Which is not a part of the environmental conditions of a forensics lab?


a) Large dimensions of the room

b) Good cooling system to overcome excess heat generated by the workstation

c) Allocation of workstations as per the room dimensions

d) Open windows facing the public road

Answer: d
