Month End Sale 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sale65best

Free Guidance Software GD0-100 Practice Exam with Questions & Answers

Questions 1

You are assigned to assist with the search and seizure of several computers. The magistrate ordered that the computers cannot be seized unless they are found to contain any one of ten previously identified images. You currently have the ten images in JPG format. Using the EnCase methodology, how would you best handle this situation?

Options:
A.

UseFastBloc or a network/parallel port cable to preview the hard drives. Go to the Gallery view and search for the previously identified images.

B.

UseFastBloc or a network/parallel port cable to acquire forensic images of the hard drives, then search the evidence files for the previously identified images.

C.

UseFastBloc or a network/parallel port cable to preview the hard drives. Conduct a hash analysis of the files on the hard drives, using a hash library containing the hash values of the previously identified images.

D.

Use an EnCase DOS boot disk to conduct a text search for child porn. Use an EnCase DOS boot disk to conduct a text search for child porn?

Guidance Software GD0-100 Premium Access
Questions 2

A SCSI host adapter would most likely perform which of the following tasks?

Options:
A.

Configure the motherboard settings to the BIOS.

B.

Set up the connection of IDE hard drives.

C.

Make SCSI hard drives and other SCSI devices accessible to the operating system.

D.

None of the above.

Questions 3

Within EnCase, you highlight a range of data within a file. The length indicator displays the value 30. How many bytes have you actually selected?

Options:
A.

30

B.

3

C.

60

D.

15

Questions 4

EnCase marks a file as overwritten when _____________ has been allocated to another file.

Options:
A.

all of the file

B.

the starting cluster of the file

C.

the directory entry for the file

D.

any part of the file

Questions 5

You are an investigator and have encountered a computer that is running at the home of a suspect. The computer does not appear to be a part of a network. The operating system is Windows XP Home. No programs are visibly running. You should:

Options:
A.

Pull the plug from the back of the computer.

B.

Turn it off with the power button.

C.

Pull the plug from the wall.

D.

Shut it down with the start menu.

Questions 6

How many partitions can be found in the boot partition table found at the beginning of the drive?

Options:
A.

8

B.

4

C.

6

D.

2

Questions 7

The results of a hash analysis on an evidence file that has been added to a case will be stored in which of the following files?

Options:
A.

The evidence file

B.

All of the above

C.

The case file

D.

The configuration HashAnalysis.ini file

Questions 8

EnCase can build a hash set of a selected group of files.

Options:
A.

True

B.

False

Questions 9

When a file is deleted in the FAT file system, what happens to the FAT?

Options:
A.

The FAT entries for that file are marked as allocated.

B.

Nothing.

C.

It is deleted as well.

D.

The FAT entries for that file are marked as available.

Questions 10

Pressing the power button on a computer that is running could have which of the following results?

Options:
A.

The computer will instantly shut off.

B.

The computer will go into stand-by mode.

C.

Nothing will happen.

D.

All of the above could happen.

E.

The operating system will shut down normally.

Exam Code: GD0-100
Certification Provider: Guidance Software
Exam Name: Certification Exam For ENCE North America
Last Update: May 24, 2025
Questions: 176

Guidance Software Related Exams

How to pass Guidance Software GD0-110 - Certification Exam for EnCE Outside North America Exam
Guidance Software Free Access
Get Guidance Software Full Access

Guidance Software Free Exams
Guidance Software Free Exams
Access free Guidance Software exam study guides and practice tests at Examstrack. Ensure your success with top-notch preparation resources at Examstrack.