212-89 Exam Dumps - EC Council Certified Incident Handler (ECIH v3)

Evidence assessment is a critical step in the investigation phase of the computer forensics process. This step involves evaluating the evidence collected to determine its relevance and significance to the case at hand. It includes analyzing the secured data to identify what information can be used as evidence, its integrity, and how it can be related to the security incident. This phase is pivotal as it helps in building a coherent understanding of the incident and in establishing facts that can be presented in management reports or legal proceedings.

References:The Certified Incident Handler (ECIH v3) by EC-Council includes a comprehensive discussion on the computer forensics investigation process, detailing steps from securing evidence to analyzing and assessing it within the context of an investigation.

BrowsingHistoryView is a tool designed to collect and analyze history data from various web browsers, including Microsoft Edge. It allows users to view the browsing history stored by their browsers in one unified interface. This includes URLs visited, page titles, visit times, and the number of visits to each page. While ChromeHistoryView is specific to Google Chrome, BrowsingHistoryView supports multiple browsers, making it versatile for analyzing history data across different platforms. MZCacheView and MZHistoryView do not exist as tools recognized for this purpose in the context of Microsoft Edge or other browser history analysis.References:Incident Handler (ECIH v3) courses and study guides emphasize the importance of using digital forensic tools, such as BrowsingHistoryView, for analyzing web browser data during investigations.

The port scanning technique that involves resetting the TCP connection between the client and server abruptly before the completion of the three-way handshake, thereby leaving the connection half-open, is known as a Stealth scan (also referred to as a SYN scan). This technique allows the scanner to inquire about the status of a port without establishing a full TCP connection, making the scan less detectible to intrusion detection systems and lesslikely to be logged by the target. It's a method used to discreetly discover open ports on a target machine without establishing a full connection that would be visible in logs.References:ECIH v3 certification materials often cover different types of network scanning techniques, including Stealth scans, explaining their methodologies, purposes, and how they can be detected or mitigated.

The technique described, where an attacker applies a magnetic field to a digital media device to clean it of any previously stored data, is known as disk degaussing. Degaussing is a method used to erase a disk or tape by exposing it to a strong magnetic field, destroying the magnetic data storage mechanism and leaving the device clean of any data. This process is effectively used for wiping digital evidence in a way that makes recovery impossible, serving as a method of anti-forensics. Unlike file wiping utilities or disk cleaning utilities, which overwrite or delete data (potentially leaving traces that can be recovered), degaussing physically alters the storage medium itself, making data recovery unfeasible.References:The ECIH v3 certification program discusses various artifact wiping techniques, including degaussing, as part of understanding anti-forensic methods that attackers use to evade detection and investigation.

In the described attack, where attackers pose as legitimate access points (APs) by beaconing the WLAN's SSID to lure users, the attack is known as an Evil twin AP attack. This type of attack involves setting up a rogue AP with the same SSID as a legitimate wireless access point, making it appear as an authorized network to users. Unsuspecting users may connect to this malicious AP, allowing attackers to intercept sensitive information, conduct man-in-the-middle attacks, or distribute malware. The Evil twin AP attack exploits the trust users have in known SSIDs to compromise their security.References:Incident Handler (ECIH v3) certification materials discuss various confidentiality and network attacks, including Evil twin AP attacks, highlighting their mechanisms and how to defend against them.