New Year Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Guidance Software GD0-110 - Certification Exam for EnCE Outside North America

Guidance Software GD0-110 Premium Access     Download Demo    
Page: 3 / 6
Total 174 questions

A file extension and signature can be manually added by:

A.

Using the new set feature under hash sets.

B.

Using the new file signature feature under file signatures.

C.

Using the new library feature under hash libraries.

D.

Right-clicking on a file and selecting add.

The spool files that are created during a print job are __________ after the print job is completed.

A.

wiped

B.

deleted and wiped

C.

deleted

D.

moved

Searches and bookmarks are stored in the evidence file.

A.

True

B.

False

How does EnCase verify that the case information (Case Number, Evidence Number, Investigator Name, etc) in an evidence file has not been damaged or changed, after the evidence file has been written?

A.

The .case file writes a CRC value for the case information and verifies it when the case is opened.

B.

EnCase does not verify the case information and case information can be changed by the user as it becomes necessary.

C.

EnCase writes a CRC value of the case information and verifies the CRC value when the evidence is added to a case.

D.

EnCase writes an MD5 hash value for the entire evidence file, which includes the case information, and verifies the MD5 hash when the evidence is added to a case.

Which of the following would be a true statement about the function of the BIOS?

A.

The BIOS is responsible for swapping out memory pages when RAM fills up.

B.

The BIOS is responsible for checking and configuring the system after the power is turned on.

C.

The BIOS integrates compressed executable files with memory addresses for faster execution.

D.

Both a and c.

In DOS and Windows, how many bytes are in one FAT directory entry?

A.

8

B.

16

C.

32

D.

64

E.

Variable

A case file can contain ____ hard drive images?

A.

1

B.

5

C.

10

D.

any number of

When a document is printed using EMF in Windows, what file(s) are generated in the spooling process?

A.

The .SPL file

B.

The .SHD file

C.

Both a and b

D.

Neither a or b

What are the EnCase configuration .ini files used for?

A.

Storing information that is specific to a particular case.

B.

Storing information that will be available to EnCase each time it is opened, regardless of the active case(s).

C.

Storing pointers to acquired evidence.

D.

Storing the results of a signature analysis.

The case file should be archived with the evidence files at the termination of a case.

A.

True

B.

False