Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-49v10 All Questions

View all questions & answers for the 312-49v10 exam
Go to Exam

Exam 312-49v10 topic 1 question 237 discussion

Actual exam question from ECCouncil's 312-49v10
Question #: 237
Topic #: 1
[All 312-49v10 Questions]

What advantage does the tool Evidor have over the built-in Windows search?

  • A. It can find deleted files even after they have been physically removed
  • B. It can find bad sectors on the hard drive
  • C. It can search slack space
  • D. It can find files hidden within ADS
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Manzer at March 11, 2023, 3:07 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
aqeel1506
4 months, 1 week ago
The correct answer is D. It can find files hidden within ADS (Alternate Data Streams). Evidor is a digital forensics tool that can search for files and data on a Windows file system, including Alternate Data Streams (ADS), which are not indexed by the built-in Windows search. ADS allows files to contain hidden data streams, which can be used to conceal malicious files or data. While Windows search can find files based on their contents, it does not search ADS by default. Evidor, on the other hand, is designed to search for hidden data, including files hidden in ADS.
upvoted 2 times
...
Elb
6 months, 3 weeks ago
Selected Answer: C
C < https://www.x-ways.net/evidor/
upvoted 1 times
...
Elb
1 year, 4 months ago
C: Cause you can find files hidden within ADS using the windows search as well, so the advantage is with Evidor you can check slack.
upvoted 1 times
...
marymayhem
1 year, 4 months ago
Selected Answer: C
https://www.x-ways.net/evidor/: "Evidor allows to search text on hard disks and retrieves the context of keyword occurrences on computer media, not only by examining all files (the entire allocated space, even Windows swap/paging and hibernate files), but also currently unallocated space and so-called slack space."
upvoted 1 times
...
Manzer
1 year, 8 months ago
Selected Answer: D
It can find files hidden within ADS (Alternate Data Streams). ADS is a feature in the NTFS file system used in Windows that allows files to be hidden inside other files without changing the size or appearance of the host file. This can be used to hide malicious software, data or other files. Evidor is a tool used for digital forensics investigations, and it has the ability to search for files hidden within ADS, as well as to search for other types of hidden files, metadata, and other digital artifacts. In contrast, the built-in Windows search feature does not have the capability to search for files hidden within ADS, making Evidor a valuable tool in forensic investigations. Option A is incorrect because once a file is physically removed from the hard drive, it cannot be found by any search tool. Option B is incorrect because finding bad sectors on the hard drive is a function of disk repair tools and is not related to file search. Option C is also incorrect as searching slack space is a feature that is included in many file recovery tools, but not necessarily in Evidor.
upvoted 2 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel