Exam 312-49v10 topic 1 question 819 discussion

Actual exam question from ECCouncil's 312-49v10
Question #: 819
Topic #: 1

During a forensic investigation of a system suspected to be involved in cybercrime, the investigator observes discrepancies between the $STANDARD_INFORMATION and $FILE_NAME creation dates for some files. As part of the investigation process, the investigator also noted that a utility called BCWipe was found installed on the system. What would be the investigator's most plausible conclusion based on these observations?

  • A. The system user used BCWipe to delete specific files securely
  • B. The system was compromised with malware that altered the metadata
  • C. The files were encrypted using the BCWipe utility
  • D. The timestamps for some files have been manipulated, possibly as an anti-forensic measure
Suggested Answer: D

Comments

aqeel1506
4 months ago
D. The timestamps for some files have been manipulated, possibly as an anti-forensic measure

Explanation: $STANDARD_INFORMATION and $FILE_NAME attributes in the NTFS file system store timestamps related to file creation, modification, and access. Discrepancies between these timestamps can indicate that the file's metadata has been altered. BCWipe is a utility designed to securely delete files and wipe data, which includes features that can manipulate file timestamps as an anti-forensic measure to obscure the true timeline of file activity. Based on the presence of BCWipe and the observed timestamp discrepancies, it is most plausible that the file timestamps have been deliberately manipulated, potentially as part of an effort to cover tracks and hinder forensic analysis.
upvoted 2 times
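The $STANDARD_INFORMATION versus $FILE_NAME comparison described in the question and the comment above, as an added example that is not part of the original page or of any tool it names. It assumes a raw MFT FILE record whose fixups are already applied and whose attributes are resident; the function names and the sample record are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone
EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # NTFS FILETIME epoch

def filetime(dt):  # datetime -> 100 ns ticks since 1601-01-01 UTC
    return (dt - EPOCH) // timedelta(microseconds=1) * 10

def creation_times(record):
    """Map attribute type -> Created FILETIME for resident $SI (0x10) and $FN (0x30)."""
    if record[:4] != b"FILE":
        raise ValueError("not an MFT FILE record")
    off = struct.unpack_from("<H", record, 0x14)[0]  # offset of first attribute
    found = {}
    while off + 8 <= len(record):
        type_id, length = struct.unpack_from("<II", record, off)
        if type_id == 0xFFFFFFFF or length == 0:  # end marker or corrupt length
            break
        if type_id in (0x10, 0x30) and record[off + 8] == 0:  # resident only
            body = off + struct.unpack_from("<H", record, off + 20)[0]
            # $SI begins with Created; $FN has an 8-byte parent reference first
            pos = body + (8 if type_id == 0x30 else 0)
            found.setdefault(type_id, struct.unpack_from("<Q", record, pos)[0])
        off += length
    return found

def timestomp_indicators(record):
    """Return the reasons this record's creation times look manipulated."""
    times = creation_times(record)
    si, fn = times.get(0x10), times.get(0x30)
    reasons = []
    if si is not None and fn is not None and si < fn:
        reasons.append("$SI created precedes $FN created")
    if si is not None and si % 10_000_000 == 0:
        reasons.append("$SI created has no sub-second precision")
    return reasons

def attr(type_id, content):
    """Constructed resident attribute: 24-byte header followed by content."""
    size = (24 + len(content) + 7) & ~7
    head = struct.pack("<IIBBHHHIHBB", type_id, size, 0, 0, 24, 0, 0, len(content), 24, 0, 0)
    return (head + content).ljust(size, b"\0")

def sample_record(si_created, fn_created):
    """Constructed FILE record for the demo, not taken from a real volume."""
    si = struct.pack("<4Q", *[filetime(si_created)] * 4).ljust(48, b"\0")
    name = "report.docx".encode("utf-16-le")
    fn = struct.pack("<Q4QQQIIBB", 5, *[filetime(fn_created)] * 4, 0, 0, 0x20, 0, len(name) // 2, 1) + name
    head = (b"FILE".ljust(0x14, b"\0") + struct.pack("<H", 0x38)).ljust(0x38, b"\0")
    return head + attr(0x10, si) + attr(0x30, fn) + b"\xff" * 4 + b"\0" * 4
```

Both checks are leads rather than proof: software that sets timestamps through the normal Windows API, such as archive extraction, can also leave $SI earlier than $FN, so corroborate with other artifacts before concluding manipulation.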