
Guidance Software GD0-100 - Certification Exam For ENCE North America

Total 176 questions

An EnCase evidence file of a hard drive ________ be restored to another hard drive of equal or greater size.

A. can
B. cannot

You are working in a computer forensic lab. A law enforcement investigator brings you a computer and a valid search warrant. You have legal authority to search the computer. The investigator hands you a piece of paper that has three printed checks on it. All three checks have the same check and account number. You image the suspect's computer and open the evidence file with EnCase. You perform a text search for the account number and check number. Nothing returns on the search results. You perform a text search for all other information found on the printed checks and there is still nothing returned in the search results. You run a signature analysis and check the gallery. You cannot locate any graphical copies of the printed checks in the gallery. At this point, is it safe to say that the checks are not located on the suspect's computer?

A. No. The images could be located in a compressed file.
B. No. The images could be embedded in a document.
C. No. The images could be in unallocated clusters.
D. No. The images could be in an image format not viewable inside EnCase.
E. All of the above.

Select the appropriate name for the highlighted area of the binary numbers.

A. Word
B. Dword
C. Byte
D. Nibble
E. Bit

You are an investigator and have encountered a computer that is running at the home of a suspect. The computer does not appear to be a part of a network. The operating system is Windows XP Home. No programs are visibly running. You should:

A. Pull the plug from the back of the computer.
B. Turn it off with the power button.
C. Pull the plug from the wall.
D. Shut it down with the start menu.

The following keyword was typed in exactly as shown. Choose the answer(s) that would result. All search criteria have default settings.

Speed and Meth

A. Meth
B. Meth Speed
C. Speed and Meth
D. Speed

Will EnCase allow a user to write data into an acquired evidence file?

A. Yes, but only bookmarks.
B. Yes, but only to resize the partitions.
C. No. Data cannot be added to the evidence file after the acquisition is made.
D. Yes, but only case information.
E. No, unless the user established a writing privilege when the evidence was acquired.

You are at an incident scene and determine that a computer contains evidence as described in the search warrant. When you seize the computer, you should:

A. Record nothing to avoid inaccuracies that might jeopardize the use of the evidence.
B. Record the location that the computer was recovered from.
C. Record the identity of the person(s) involved in the seizure.
D. Record the date and time the computer was seized.

Search terms are case sensitive by default.

A. False
B. True

The default export folder remains the same for all cases.

A. True
B. False

Select the appropriate name for the highlighted area of the binary numbers.

A. Byte
B. Dword
C. Word
D. Bit
E. Nibble