New Year Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Guidance Software GD0-100 - Certification Exam For ENCE North America

Guidance Software GD0-100 Premium Access     Download Demo    
Page: 5 / 6
Total 176 questions

What files are reconfigured or deleted by EnCase during the creation of an EnCase boot disk?

A.

command.com

B.

autoexec.bat

C.

drvspace.bin

D.

io.sys

EnCase can build a hash set of a selected group of files.

A.

True

B.

False

This question addresses the EnCase for Windows search process. If a target word is located in the unallocated space, and the word is fragmented between clusters 10 and 15, the search:

A.

Will not find it because the letters of the keyword are not contiguous.

B.

Will not find it because EnCase performs a physical search only.

C.

Will find it because EnCase performs a logical search.

D.

Will not find it unlessile slack?is checked on the search dialog box. Will not find it unless ?ile slack?is checked on the search dialog box.

Searches and bookmarks are stored in the evidence file.

A.

False

B.

True

You are investigating a case of child pornography on a hard drive containing Windows XP. In the :\Documents and Settings\Bad You are investigating a case of child pornography on a hard drive containing Windows XP. In the C:\Documents and Settings\Bad Guy\Local Settings\Temporary Internet Files folder you find three images

of child pornography. You find no other copies of the images on the suspect hard drive, and you find no other copies of the filenames. What can be deduced from your findings?

A.

The presence and location of the images is not strong evidence of possession.

B.

The presence and location of the images is strong evidence of possession.

C.

The presence and location of the images proves the images were intentionally downloaded.

D.

Both a and c

By default, what color does EnCase use for slack?

A.

Black on red

B.

Red on black

C.

Red

D.

Black

If a hard drive is left in a room while acquiring, and several persons have access to that room, which of the following areas would be of most concern?

A.

Storage

B.

There is no concern

C.

Cross-contamination

D.

Chain-of-custody

If a hash analysis is run on a case, EnCase:

A.

Will compute a hash value of the evidence file and begin a verification process.

B.

Will generate a hash set for every file in the case.

C.

Will compare the hash value of the files in the case to the hash library.

D.

Will create a hash set to the user specifications. Will create a hash set to the user?specifications.

By default, EnCase will display the data from the end of a logical file, to the end of the cluster, in what color:

A.

Red

B.

Red on black

C.

Black on red

D.

Black

By default, what color does EnCase use for the contents of a logical file

A.

Red

B.

Red on black

C.

Black

D.

Black on red