ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-49v10 All Questions

View all questions & answers for the 312-49v10 exam
Go to Exam

Exam 312-49v10 topic 1 question 36 discussion

Actual exam question from ECCouncil's 312-49v10
Question #: 36
Topic #: 1
[All 312-49v10 Questions]

When investigating a potential e-mail crime, what is your first step in the investigation?

  • A. Trace the IP address to its origin
  • B. Write a report
  • C. Determine whether a crime was actually committed
  • D. Recover the evidence
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by JDKirk at Nov. 24, 2021, 4:47 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
044f354
4 months ago
Selected Answer: D
[CORRECT] D. Recover the evidence. One must first collect evidence, then analyze to determine whether a crime was actually committed. [INCORRECT] Option C. Determine whether a crime was actually committed. This happens much later in the process, during analysis. ----------------- EC Council Official Curricula Computer Hacking Forensic Investigator https://bookshelf.vitalsource.com/reader/books/9781635676969/ Module 02 Page 164 Analyzing the Data "Investigators must thoroughly analyze the acquired data to draw conclusions related to the case."
upvoted 1 times
...
4bd3116
11 months, 2 weeks ago
Selected Answer: C
The word is potential!
upvoted 1 times
...
Dumas
1 year ago
The word is potential. Did anything actually happen.
upvoted 1 times
...
Dumas
1 year ago
C would be the first step before you start your work.
upvoted 2 times
...
Elb
1 year, 1 month ago
Selected Answer: D
Steps to investigate an email crime: 1. Seizing the computer and email accounts 2. Acquiring the email data 3. Examining email messages 4. Retrieving email headers 5. Analyzing email headers 6. Recovering deleted email messages
upvoted 2 times
...
vcloudpmp
3 years, 4 months ago
From the official EC Council courseware - step 1 is recover the evidence. Seize the email accounts, acquire the email data, examine the messages and then the headers.
upvoted 4 times
...
K3nz0420
3 years, 4 months ago
It’s referencing email related crimes , first thing to is trace the IP seems more logical in this context
upvoted 1 times
...
JDKirk
3 years, 7 months ago
Selected Answer: D
The question is unclear as to what stage of the process the investigation is at. At the very beginning of an email investigation, wouldn't you want to retrieve the email in question?
upvoted 4 times
AspiringScriptKiddie
3 years, 4 months ago
I agree with JDKirk, if it's a "potential" crime and this is the first step, why would we start tracing IP addresses and how could we trace IP addresses if we didn't first recover the evidence? ...maybe the word, "recover" excludes D as the best choice since it means specifically that something was hidden or destroyed which isn't necessarily the case within this context so the next best answer is tracing the IP address?
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel