EC-Council 312-49v10 Computer Hacking Forensic Investigator Practice Test - Set 1

Test your knowledge with this EC-Council 312-49v10 Computer Hacking Forensic Investigator mock exam. Get real-world IT questions and prepare for certification success.

312-49v10: Computer Hacking Forensic Investigator (C|HFI) - Exam Information

Exam Code: EC-Council 312-49v10 Computer Hacking Forensic Investigator
Exam Title: 312-49v10: Computer Hacking Forensic Investigator (C|HFI)
Vendor: EC-Council
Difficulty: Advanced
Duration: 4 Hours
Question Format: Multiple Choice
Last Updated: March 8, 2025

The 312-49v10 exam certifies skills in forensic investigation techniques.

Practice Test

1. Which file system is commonly used in Windows forensic investigations?

NTFS
ext4
HFS+
XFS

2. Which tool is commonly used for Windows memory forensics?

Volatility
Metasploit
Wireshark
John the Ripper

3. Which hashing algorithm is commonly used to verify the integrity of forensic evidence?

SHA-256
MD5
AES-128
RSA-1024

4. Which organization provides guidelines for digital forensics investigations?

NIST
FCC
IETF
ISO

5. Which file format is commonly used for forensic disk images?

E01
ISO
VMDK
PDF

6. Which forensic process involves identifying and extracting deleted files?

Data Recovery
Hash Analysis
Steganography
Imaging

7. Which Windows registry hive stores user-specific information?

HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_CLASSES_ROOT
HKEY_USERS

8. Which forensic tool is used to analyze network traffic?

Wireshark
Cain & Abel
Netcat
Burp Suite

9. Which step in forensic investigations ensures the original evidence is not altered?

Write Blocking
Data Compression
Encryption
Obfuscation

10. Which term refers to hiding data inside other files or messages?

Steganography
Cryptography
Encoding
Hashing

11. Which type of forensic analysis focuses on web browsing history?

Browser Forensics
Memory Forensics
Mobile Forensics
Network Forensics

12. Which log file in Windows contains system events?

System Log
Security Log
Application Log
Network Log

13. Which type of attack modifies digital timestamps on files?

Timestamp Tampering
Brute Force
Privilege Escalation
Code Injection

14. Which command is used to list open network connections in Windows?

netstat
ps
top
ifconfig

15. Which forensic principle ensures that digital evidence is admissible in court?

Chain of Custody
Right to Audit
Data Retention Policy
Encryption

16. Which technique is used to recover data from a damaged hard drive?

Disk Imaging
File Carving
Memory Dumping
Steganalysis

17. Which forensic tool is used to analyze metadata in digital images?

ExifTool
John the Ripper
Hydra
Mimikatz

18. Which Windows artifact tracks recently accessed files?

Recent Files
Prefetch Files
SAM Database
BitLocker Logs

19. Which type of forensic investigation focuses on recovering deleted mobile data?

Mobile Forensics
Network Forensics
Cloud Forensics
Data Forensics

20. Which forensic method is used to extract data from volatile memory?

Memory Dumping
Disk Cloning
File Carving
Hashing

21. Which forensic tool is used for analyzing Windows registry?

RegRipper
FTK Imager
Autopsy
EnCase

22. What is the primary purpose of a write blocker in forensics?

To prevent modification of evidence
To encrypt forensic data
To compress disk images
To analyze network traffic

23. Which file system is used by macOS?

APFS
NTFS
ext4
FAT32

24. What is the purpose of the dd command in forensic imaging?

To create bit-by-bit copies
To analyze memory dumps
To recover deleted files
To crack passwords

25. Which Windows artifact contains information about executed programs?

Prefetch files
Pagefile.sys
Hiberfil.sys
Registry hives

26. What is the purpose of The Sleuth Kit in forensics?

To analyze disk images
To recover deleted partitions
To analyze network packets
To crack encryption

27. Which type of analysis focuses on recovering browser history?

Internet history analysis
Memory forensics
Network forensics
Mobile forensics

28. What is the purpose of the file command in Linux forensics?

To identify file types
To recover deleted files
To analyze memory
To crack passwords

29. Which forensic tool is used for mobile device analysis?

Cellebrite
Wireshark
Volatility
Autopsy

30. What is the purpose of the PhotoRec tool?

To recover deleted files
To analyze disk images
To crack passwords
To analyze memory

31. Which Windows registry hive contains user-specific settings?

HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_CLASSES_ROOT
HKEY_USERS

32. What is the purpose of the foremost tool in forensics?

To perform file carving
To analyze memory dumps
To crack passwords
To analyze network traffic

33. Which forensic technique is used to recover overwritten data?

File carving
Memory analysis
Network analysis
Registry analysis

34. What is the purpose of the log2timeline tool?

To create timeline analysis
To recover deleted files
To crack passwords
To analyze memory

35. Which Windows file contains memory contents during hibernation?

hiberfil.sys
pagefile.sys
swapfile.sys
Registry

36. What is the purpose of the Scalpel tool in forensics?

To perform file carving
To analyze disk images
To crack passwords
To analyze network traffic

37. Which forensic tool is used for analyzing email messages?

MailXaminer
Wireshark
Volatility
Autopsy

38. What is the purpose of the Bulk Extractor tool?

To extract information from disk images
To analyze memory dumps
To crack passwords
To analyze network traffic

39. Which Windows file is used for virtual memory?

pagefile.sys
hiberfil.sys
swapfile.sys
Registry

40. What is the purpose of the X-Ways Forensics tool?

To analyze disk images
To recover deleted partitions
To analyze network packets
To crack encryption

41. Which forensic technique analyzes system memory?

Memory forensics
Disk forensics
Network forensics
Mobile forensics

42. What is the purpose of the Plaso tool?

To create timeline analysis
To recover deleted files
To crack passwords
To analyze memory

43. Which Windows registry key contains recently used documents?

RecentDocs
Run
Services
SAM

44. What is the purpose of the Guymager tool?

To create forensic images
To analyze memory dumps
To crack passwords
To analyze network traffic

45. Which forensic technique analyzes network traffic?

Network forensics
Disk forensics
Memory forensics
Mobile forensics

46. What is the purpose of the Registry Recon tool?

To analyze Windows registry
To recover deleted files
To crack passwords
To analyze memory

47. Which Linux command shows open files?

lsof
ps
top
netstat

48. What is the purpose of the Oxygen Forensic Suite?

To analyze mobile devices
To analyze disk images
To crack passwords
To analyze network traffic

49. Which Windows registry key contains auto-start programs?

Run
RecentDocs
Services
SAM

50. What is the purpose of the Binwalk tool?

To analyze firmware images
To recover deleted files
To crack passwords
To analyze memory

51. Which forensic technique analyzes cloud storage?

Cloud forensics
Disk forensics
Memory forensics
Network forensics

52. What is the purpose of the Magnet AXIOM tool?

To perform comprehensive forensic analysis
To recover deleted partitions
To analyze network packets
To crack encryption

53. Which Windows artifact contains command history?

CMD history
Prefetch
Jump Lists
Registry

54. What is the purpose of the CAINE Linux distribution?

To perform forensic analysis
To recover deleted files
To crack passwords
To analyze network traffic

55. Which forensic technique analyzes database files?

Database forensics
Disk forensics
Memory forensics
Network forensics

56. What is the purpose of the Paladin forensic suite?

To perform forensic analysis
To recover deleted partitions
To analyze network packets
To crack encryption

57. Which Windows registry key contains network information?

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip
HKEY_CURRENT_USER\Software
HKEY_CLASSES_ROOT
HKEY_USERS

58. What is the purpose of the SIFT Workstation?

To perform forensic analysis
To recover deleted files
To crack passwords
To analyze network traffic

59. Which forensic technique analyzes IoT devices?

IoT forensics
Disk forensics
Memory forensics
Network forensics

60. What is the purpose of the BlackLight tool?

To analyze macOS systems
To recover deleted partitions
To analyze network packets
To crack encryption

61. Which Windows artifact contains USB device history?

USBSTOR registry key
Prefetch
Jump Lists
Registry

62. What is the purpose of the DEFT Linux distribution?

To perform forensic analysis
To recover deleted files
To crack passwords
To analyze network traffic

63. Which forensic technique analyzes social media?

Social media forensics
Disk forensics
Memory forensics
Network forensics

64. What is the purpose of the OSForensics tool?

To perform forensic analysis
To recover deleted partitions
To analyze network packets
To crack encryption

65. Which Windows registry key contains installed software?

HKEY_LOCAL_MACHINE\SOFTWARE
HKEY_CURRENT_USER\Software
HKEY_CLASSES_ROOT
HKEY_USERS

66. What is the purpose of the GRR Rapid Response tool?

To perform remote forensic analysis
To recover deleted files
To crack passwords
To analyze memory

67. Which forensic technique analyzes GPS data?

GPS forensics
Disk forensics
Memory forensics
Network forensics

68. What is the purpose of the KAPE tool?

To collect forensic artifacts
To analyze disk images
To crack passwords
To analyze network traffic

69. Which Windows artifact contains wireless network information?

WLAN profiles
Prefetch
Jump Lists
Registry

70. What is the purpose of the Velociraptor tool?

To perform endpoint monitoring and forensics
To recover deleted files
To crack passwords
To analyze memory

71. Which forensic technique analyzes cryptocurrency transactions?

Blockchain forensics
Disk forensics
Memory forensics
Network forensics

72. What is the purpose of the Redline tool?

To analyze memory and system information
To recover deleted partitions
To analyze network packets
To crack encryption

73. Which Windows registry key contains user account information?

SAM
SOFTWARE
SYSTEM
SECURITY

74. What is the purpose of the MVT tool?

To analyze mobile device data
To recover deleted files
To crack passwords
To analyze memory

75. Which forensic technique analyzes video surveillance systems?

DVR forensics
Disk forensics
Memory forensics
Network forensics

76. What is the purpose of the Belkasoft Evidence Center?

To perform comprehensive forensic analysis
To recover deleted partitions
To analyze network packets
To crack encryption

77. Which Windows artifact contains file access history?

Jump Lists
Prefetch
Registry
Event Logs

78. What is the purpose of the LiME tool?

To acquire Linux memory
To recover deleted files
To crack passwords
To analyze network traffic

79. Which forensic technique analyzes vehicle infotainment systems?

Vehicle forensics
Disk forensics
Memory forensics
Network forensics

80. What is the purpose of the F-Response tool?

To perform remote forensic acquisition
To analyze disk images
To crack passwords
To analyze network traffic

81. Which Windows registry key contains system boot information?

HKEY_LOCAL_MACHINE\SYSTEM
HKEY_CURRENT_USER\Software
HKEY_CLASSES_ROOT
HKEY_USERS

82. What is the purpose of the HstEx tool?

To analyze browser history
To recover deleted files
To crack passwords
To analyze memory

83. Which forensic technique analyzes industrial control systems?

ICS forensics
Disk forensics
Memory forensics
Network forensics

84. What is the purpose of the Xplico tool?

To analyze network traffic
To recover deleted files
To crack passwords
To analyze memory

85. Which Windows artifact contains printer activity?

Spooler files
Prefetch
Jump Lists
Registry

86. What is the purpose of the PEStudio tool?

To analyze executable files
To recover deleted partitions
To analyze network packets
To crack encryption

87. Which forensic technique analyzes gaming consoles?

Game console forensics
Disk forensics
Memory forensics
Network forensics

88. What is the purpose of the Bulk Extractor tool?

To extract information from disk images
To analyze memory dumps
To crack passwords
To analyze network traffic

89. Which Windows registry key contains security policy information?

SECURITY
SOFTWARE
SYSTEM
SAM

90. What is the purpose of the P2 Commander tool?

To perform forensic analysis
To recover deleted files
To crack passwords
To analyze network traffic

91. Which forensic technique analyzes smart home devices?

IoT forensics
Disk forensics
Memory forensics
Network forensics

92. What is the purpose of the Mandiant Redline tool?

To analyze memory and system information
To recover deleted partitions
To analyze network packets
To crack encryption

93. Which Windows artifact contains RDP connection history?

Terminal Server Client
Prefetch
Jump Lists
Registry

94. What is the purpose of Eric Zimmerman's Tools?

To analyze Windows artifacts
To recover deleted files
To crack passwords
To analyze network traffic

95. Which forensic technique analyzes medical devices?

Medical device forensics
Disk forensics
Memory forensics
Network forensics

96. What is the purpose of the Magnet RAM Capture tool?

To acquire memory dumps
To recover deleted files
To crack passwords
To analyze network traffic

97. Which Windows registry key contains timezone information?

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation
HKEY_CURRENT_USER\Software
HKEY_CLASSES_ROOT
HKEY_USERS

98. What is the purpose of the Volatility Workbench?

To analyze memory dumps
To recover deleted files
To crack passwords
To analyze network traffic

99. Which forensic technique analyzes ATMs?

ATM forensics
Disk forensics
Memory forensics
Network forensics

100. What is the purpose of the Wireshark tool?

To analyze network traffic
To recover deleted files
To crack passwords
To analyze memory

101. Which Windows artifact contains search history?

Windows Search
Prefetch
Jump Lists
Registry

102. What is the purpose of the Ghidra tool?

To reverse engineer software
To recover deleted files
To crack passwords
To analyze network traffic

103. Which forensic technique analyzes drones?

Drone forensics
Disk forensics
Memory forensics
Network forensics

104. What is the purpose of the Rekall tool?

To analyze memory dumps
To recover deleted files
To crack passwords
To analyze network traffic

105. Which Windows registry key contains installed services?

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
HKEY_CURRENT_USER\Software
HKEY_CLASSES_ROOT
HKEY_USERS

106. What is the purpose of The Sleuth Kit?

To analyze disk images
To recover deleted partitions
To analyze network packets
To crack encryption

107. Which forensic technique analyzes wearable devices?

Wearable forensics
Disk forensics
Memory forensics
Network forensics

108. What is the purpose of the FTK Imager?

To create and analyze forensic images
To recover deleted files
To crack passwords
To analyze network traffic

109. Which Windows registry key contains firewall settings?

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy
HKEY_CURRENT_USER\Software
HKEY_CLASSES_ROOT
HKEY_USERS

110. What is the purpose of the Autopsy tool?

To perform comprehensive forensic analysis
To recover deleted partitions
To analyze network packets
To crack encryption

The EC-Council 312-49v10 Computer Hacking Forensic Investigator certification is a globally recognized credential for IT professionals. This practice test helps you prepare by covering key topics like hardware, networking, troubleshooting, and security.
