New Year Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Guidance Software GD0-100 - Certification Exam For ENCE North America

Guidance Software GD0-100 Premium Access     Download Demo    
Page: 3 / 6
Total 176 questions

A standard Windows 98 boot disk is acceptable for booting a suspect drive.

A.

True

B.

False

The following GREP expression was typed in exactly as shown. Choose the answer(s) that would result. Jan 1st, 2?0?00

A.

Jan 1st , 1900

B.

Jan 1st , 2100

C.

Jan 1st , 2001

D.

Jan 1st , 2000

RAM is tested during which phase of the power-up sequence?

A.

Pre-POST

B.

After POST

C.

During POST

D.

None of the above.

You are assigned to assist with the search and seizure of several computers. The magistrate ordered that the computers cannot be seized unless they are found to contain any one of ten previously identified images. You currently have the ten images in JPG format. Using the EnCase methodology, how would you best handle this situation?

A.

UseFastBloc or a network/parallel port cable to preview the hard drives. Go to the Gallery view and search for the previously identified images.

B.

UseFastBloc or a network/parallel port cable to acquire forensic images of the hard drives, then search the evidence files for the previously identified images.

C.

UseFastBloc or a network/parallel port cable to preview the hard drives. Conduct a hash analysis of the files on the hard drives, using a hash library containing the hash values of the previously identified images.

D.

Use an EnCase DOS boot disk to conduct a text search for child porn. Use an EnCase DOS boot disk to conduct a text search for child porn?

The following keyword was typed in exactly as shown. Choose the answer(s) that would result. All search criteria have default settings. credit card

A.

Card

B.

Credit Card

C.

credit card

D.

Credit

Consider the following path in a FAT file system:

A.

From the My Pictures directory

B.

From the My Documents directory

C.

From the root directory c:\

D.

From itself

When does the POST operation occur?

A.

When SCSI devices are configured.

B.

When Windows starts up.

C.

After a computer begins to boot from a device.

D.

When the power button to a computer is turnedon.

The results of a hash analysis on an evidence file that has been added to a case will be stored in which of the following files?

A.

The evidence file

B.

All of the above

C.

The case file

D.

The configuration HashAnalysis.ini file

Which of the following selections would be used to keep track of a fragmented file in the FAT file system?

A.

The directory entry for the fragmented file

B.

The partition table of extents

C.

The File Allocation Table

D.

All of the above

If an evidence file has been added to a case and completely verified, what happens if the data area within the evidence file is later changed?

A.

EnCase will allow the examiner to continue to access the rest of the evidence file that has not been changed.

B.

EnCase detect the error if the evidence file is manually re-verified.

C.

EnCase will detect the error when that area of the evidence file is accessed by the user.

D.

All of the above.