Exam 312-49 topic 1 question 47 discussion

Actual exam question from ECCouncil's 312-49
Question #: 47
Topic #: 1

If you plan to start up a suspect's computer, you must modify the ___________ to ensure that you do not contaminate or alter data on the suspect's hard drive by booting to the hard drive.

  • A. deltree command
  • B. CMOS
  • C. Boot.sys
  • D. Scandisk utility
Suggested Answer: C

Comments

habaoui
2 months, 2 weeks ago
B. CMOS. When you start up a suspect's computer, you should modify the CMOS (Complementary Metal-Oxide Semiconductor) settings to ensure that the computer does not boot directly from the hard drive. This is done to prevent any alterations or contamination of potential evidence on the suspect's drive. Instead, forensic investigators typically boot from a trusted forensic boot disk or USB drive, ensuring that the suspect's OS and software don't run and potentially change data.
upvoted 1 times
Ceh2024
3 months, 1 week ago
Selected Answer: B
The BIOS settings are stored in the CMOS chip. We can change the boot order in the BIOS setup utility to CD or USB to avoid contaminating or altering data on the suspect's hard drive.
upvoted 1 times
jordy55
1 year ago
Selected Answer: B
CMOS contains boot order among other basic BIOS settings. The battery powers this piece of memory, but it still is a CMOS memory chip with a battery.
upvoted 1 times
Tonymoo
1 year, 2 months ago
One cannot "modify" CMOS given that it is a motherboard battery; a piece of hardware. It can however be removed. Modification of boot order however will allow boot to a different device.
upvoted 1 times
Ariel235788
1 year, 11 months ago
Given answer is correct. You DO NOT REMOVE THE CMOS. The CMOS battery will 100% alter data. Changing the boot device does not mess with integrity whatsoever. Imagine if the hard drive being investigated had macros enabled for if certain keystrokes were not pressed upon boot that all data on the hard drive gets erased. Since you booted to that hard drive still and did not implement the proper keystrokes, now data is erased and the investigation gets thrown out. Things can happen on boot so changing the boot order is the proper answer here. Again, removing the CMOS battery will affect the system. https://www.technewstoday.com/motherboard-cmos-battery-dead/#:~:text=Removing%20the%20CMOS%20battery%20will,time%20you%20start%20your%20computer.
upvoted 1 times
GSEC_FANATIC
2 years, 2 months ago
Answer C would be a breach of integrity. By altering the boot.sys, you are changing possible evidence. Correct answer would be B.
upvoted 1 times
ireen
4 years, 3 months ago
I believe B should be the answer, as modifying boot.sys will contaminate the evidence.
upvoted 4 times
haymaths
4 years, 3 months ago
B is the answer, as CMOS contains the configuration to start up the system.
upvoted 4 times
Tonymoo
1 year, 2 months ago
CMOS is not the same as BIOS. CMOS is just the motherboard battery.
upvoted 1 times
jordy55
1 year ago
No, CMOS Battery is the battery. CMOS itself definitely holds data.
upvoted 1 times
Pet
4 years, 6 months ago
Answer is B
upvoted 4 times