Computer Hacking Forensic Investigator
Exam: EC0-349
Demo Edition
© 2005-2006 Test Killer, LTD. All Rights Reserved
http://www.testkiller.com
http://www.troytec.com
QUESTION: 1
When an investigator contacts by telephone the domain administrator or controller listed by a
whois lookup to request all e-mails sent and received for a user account be preserved, what
U.S.C. statute authorizes this phone call and obligates the ISP to preserve e-mail records?
A. Title 18, Section 1030
B. Title 18, Section 2703(d)
C. Title 18, Section Chapter 90
D. Title 18, Section 2703(f)
Answer: D
QUESTION: 2
If you come across a sheepdip machine at your client site, what would you infer?
A. A sheepdip coordinates several honeypots
B. A sheepdip computer is another name for a honeypot
C. A sheepdip computer is used only for virus-checking.
D. A sheepdip computer defers a denial of service attack
Answer: C
QUESTION: 3
In a computer forensics investigation, what describes the route that evidence takes from
the time you find it until the case is closed or goes to court?
A. rules of evidence
B. law of probability
C. chain of custody
D. policy of separation
Answer: C
QUESTION: 4
How many characters long is the fixed-length MD5 algorithm checksum of a critical
system file?
A. 128
B. 64
C. 32
D. 16
Answer: C
QUESTION: 5
To calculate the number of bytes on a disk, the formula is: CHS
A. number of circles x number of halves x number of sides x 512 bytes per sector
B. number of cylinders x number of halves x number of shims x 512 bytes per sector
C. number of cells x number of heads x number of sides x 512 bytes per sector
D. number of cylinders x number of halves x number of shims x 512 bytes per sector
Answer: Pending. Please put your suggestions to gary@troytecsupport.com.
QUESTION: 6
You are using DriveSpy, a forensic t