ECCouncil Computer Hacking Forensic Investigator v7.3

If you are concerned about a high level of compression but not concerned about any possible data loss, what type of compression would you use?

When carrying out a forensics investigation, why should you never delete a partition on a dynamic disk?

Which legal document allows law enforcement to search an office, place of business, or other locale for evidence relating to an alleged crime?

How often must a company keep log files for them to be admissible in a court of law?

Which is a standard procedure to perform during all computer forensics investigations?

Where does Encase search to recover NTFS files and folders?

Jacob is a computer forensics investigator with over 10 years experience in investigations and has written over 50 articles on computer forensics. He has been called upon as a qualified witness to testify the accuracy and integrity of the technical log files gathered in an investigation into computer fraud. What is the term used for Jacob testimony in this case?computer fraud. What is the term used for Jacob? testimony in this case?

You are working in the Security Department of a law firm. One of the attorneys asks you about the topic of sending fake email because he has a client who has been charged with doing just that. His client alleges that he is innocent and that there is no way for a fake email to actually be sent. You inform the attorney that his client is mistaken and that fake email is a possibility and that you can prove it. You return to your desk and craft a fake email to the attorney that appears to come from his boss. What port do you send the email to on the company SMTP server?fake email to the attorney that appears to come from his boss. What port do you send the email to on the company? SMTP server?

What is one method of bypassing a system BIOS password?

Harold is a computer forensics investigator working for a consulting firm out of Atlanta
Georgia. Harold is called upon to help with a corporate espionage case in Miami Florida.
Harold assists in the investigation by pulling all the data from the computers allegedly used in the illegal activities. He finds that two suspects in the company where stealing sensitive corporate information and selling it to competing companies. From the email and instant messenger logs recovered, Harold has discovered that the two employees notified the buyers by writing symbols on the back of specific stop signs. This way, the buyers knew when and where to meet with the alleged suspects to buy the stolen material. What type of steganography did these two suspects use?

What is the slave device connected to the secondary IDE controller on a Linux OS referred to?

You are called in to assist the police in an investigation involving a suspected drug dealer.
The police searched the suspect house after aYou are called in to assist the police in an investigation involving a suspected drug dealer. The police searched the suspect? house after a warrant was obtained and they located a floppy disk in the suspect bedroom. The disk contains several files, but they appear to be passwordwarrant was obtained and they located a floppy disk in the suspect? bedroom. The disk contains several files, but they appear to be password protected. What are two common methods used by password cracking software that you could use to obtain the password?

During an investigation, an employee was found to have deleted harassing emails that were sent to someone else. The company was using Microsoft Exchange and had message tracking enabled. Where could the investigator search to find the message tracking log file on the Exchange server?

Paul is a computer forensics investigator working for Tyler & Company Consultants. Paul has been called upon to help investigate a computer hacking ring broken up by the local police. Paul begins to inventory the PCs found in the hackers?hideout. Paul then comes across a PDA left by them that is attached to a number of different peripheral devices.
What is the first step that Paul must take with the PDA to ensure the integrity of the investigation?