Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-49 All Questions

View all questions & answers for the 312-49 exam
Go to Exam

Exam 312-49 topic 1 question 29 discussion

Actual exam question from ECCouncil's 312-49
Question #: 29
Topic #: 1
[All 312-49 Questions]

Which is a standard procedure to perform during all computer forensics investigations?

  • A. with the hard drive removed from the suspect PC, check the date and time in the system's CMOS
  • B. with the hard drive in the suspect PC, check the date and time in the File Allocation Table
  • C. with the hard drive removed from the suspect PC, check the date and time in the system's RAM
  • D. with the hard drive in the suspect PC, check the date and time in the system's CMOS
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Bennoli13 at June 13, 2024, 8:44 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Bennoli13
5 months, 2 weeks ago
The answer should be D. Removing the hard drive before checking the CMOS settings can potentially alter the system state and might affect the investigation. Besides, to get an accurate read of the time settings as they relate to file timestamps, it's important to check them in their current state.
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel