ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-49v10 All Questions

View all questions & answers for the 312-49v10 exam
Go to Exam

Exam 312-49v10 topic 1 question 663 discussion

Actual exam question from ECCouncil's 312-49v10
Question #: 663
Topic #: 1
[All 312-49v10 Questions]

You are a forensic investigator who is analyzing a hard drive that was recently collected as evidence. You have been unsuccessful at locating any meaningful evidence within the file system and suspect a drive wiping utility may have been used. You have reviewed the keys within the software hive of the Windows registry and did not find any drive wiping utilities. How can you verify that drive wiping software was used on the hard drive?

  • A. Check the list of installed programs
  • B. Look for distinct repeating patterns on the hard drive at the bit level
  • C. Document in your report that you suspect a drive wiping utility was used, but no evidence was found
  • D. Load various drive wiping utilities offline, and export previous run reports
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Manzer at March 13, 2023, 2:10 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
581777a
8 months, 3 weeks ago
Selected Answer: B
B. Look for distinct repeating patterns on the hard drive at the bit level When a drive wiping utility is used to securely erase data, it usually overwrites the existing data with random patterns or specific bit patterns to ensure that the original data cannot be recovered. By analyzing the hard drive at the bit level, you can look for patterns that suggest deliberate data erasure.
upvoted 4 times
...
Manzer
1 year, 2 months ago
Selected Answer: B
A drive wiping utility will overwrite data on the hard drive with random data or zeroes, creating a distinct repeating pattern on the hard drive at the bit level. A forensic investigator can use various tools to examine the hard drive at the bit level, such as hex editors or specialized forensic analysis software. By analyzing the data at the bit level, an investigator can identify the presence of a drive wiping utility even if the utility's keys are not present in the Windows registry.
upvoted 2 times
hisham
11 months, 3 weeks ago
correct
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago