Prepare for the Actual CHFI v10 312-49v10 Exam Practice Materials Collection [Q138-Q155]

QUESTION 138
Which of the following methods of mobile device data acquisition captures all the data present on the device, as well as all deleted data and access to unallocated space?

QUESTION 139
Simona has written a regular expression for the detection of web application-specific attack attempt that reads as /((%3C)|<K(%2F)|V)*[a-zO-9%I*((%3E)|>)/lx. Which of the following does the part (|%3E)|>) look for?

QUESTION 140
“In exceptional circumstances, where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to explain his/her actions and the impact of those actions on the evidence, in the court.” Which ACPO principle states this?

QUESTION 141
An attacker has compromised a cloud environment of a company and used the employee information to perform an identity theft attack. Which type of attack is this?

QUESTION 142
According to RFC 3227, which of the following is considered as the most volatile item on a typical system?

QUESTION 143
Jonathan is a network administrator who is currently testing the internal security of his network. He is attempting to hijack a session, using Ettercap, of a user connected to his Web server. Why will Jonathan not succeed?

QUESTION 144
Which of the following web browser uses the Extensible Storage Engine (ESE) database format to store browsing records, including history, cache, and cookies?

QUESTION 145
Which program is the bootloader when Windows XP starts up?

QUESTION 146
Gary, a computer technician, is facing allegations of abusing children online by befriending them and sending them illicit adult images from his office computer. What type of investigation does this case require?

QUESTION 147
Before performing a logical or physical search of a drive in Encase, what must be added to the program?

QUESTION 148
Place the following In order of volatility from most volatile to the least volatile.

QUESTION 149
Office Documents (Word, Excel and PowerPoint) contain a code that allows tracking the MAC or unique identifier of the machine that created the document. What is that code called?

QUESTION 150
An investigator needs to perform data acquisition from a storage media without altering its contents to maintain the Integrity of the content. The approach adopted by the Investigator relies upon the capacity of enabling read-only access to the storage medi a. Which tool should the Investigator Integrate Into his/her procedures to accomplish this task?

QUESTION 151
Sheila is a forensics trainee and is searching for hidden image files on a hard disk. She used a forensic investigation tool to view the media in hexadecimal code for simplifying the search process. Which of the following hex codes should she look for to identify image files?

QUESTION 152
Adam, a forensic analyst, is preparing VMs for analyzing a malware. Which of the following is NOT a best practice?

QUESTION 153
The ____________________ refers to handing over the results of private investigations to the authorities because of indications of criminal activity.

QUESTION 154
In a computer that has Dropbox client installed, which of the following files related to the Dropbox client store information about local Dropbox installation and the Dropbox user account, along with email IDs linked with the account?

QUESTION 155
Ronald, a forensic investigator, has been hired by a financial services organization to Investigate an attack on their MySQL database server, which Is hosted on a Windows machine named WIN-DTRAI83202X. Ronald wants to retrieve information on the changes that have been made to the database. Which of the following files should Ronald examine for this task?