Summer Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Ace the Guidance Software GD0-100 Exam: Ultimate Preparation Guide

Questions 11

Assume that MyNote.txt has been deleted. The FAT file system directory entry for that file has been overwritten.

The data for MyNote.txt is now:

Options:

A.

Overwritten

B.

Allocated

C.

Cross-linked

D.

Unallocated

Buy Now
Questions 12

EnCase can make an image of a USB flash drive.

Options:

A.

False

B.

True

Buy Now
Questions 13

How many copies of the FAT are located on a FAT 32, Windows 98-formatted partition?

Options:

A.

2

B.

3

C.

1

D.

4

Buy Now
Questions 14

A suspect typed a file on his computer and saved it to a floppy diskette. The filename was MyNote.txt. You receive the floppy and the suspect computer. The suspect denies that the floppy disk belongs to him. You search the suspect computer and locate only the suspect? computer. The suspect denies that the floppy disk belongs to him. You search the suspect? computer and locate only the filename within a .LNK file. The .LNK file is located in the folder C:\Windows\Recent. How you would use the .LNK file to establish a connection between the file on the floppy diskette and the suspect computer? connection between the file on the floppy diskette and the suspect? computer?

Options:

A.

Both a and b

B.

The dates and time of the file found in the .LNK file, at file offset 28

C.

The full path of the file, found in the .LNK file

D.

The file signature found in the .LNK file

Buy Now
Questions 15

An evidence file was archived onto five CD-Rom disks with the third file segment on disk number three. Can the contents of the third file segment be verified by itself while still on the CD?

Options:

A.

No. Archived files are compressed and cannot be verified until un-archived.

B.

No. All file segments must be put back together.

C.

Yes. Any segment of an evidence file can be verified through re-computing and comparing the CRCs, even if it is on a CD.

D.

No. EnCase cannot verify files on CDs.

Buy Now
Questions 16

Which of the following items could contain digital evidence?

Options:

A.

Credit card readers

B.

Personal assistant devices

C.

Cellular phones

D.

Digital cameras

Buy Now
Questions 17

By default, EnCase will display the data from the end of a logical file, to the end of the cluster, in what color:

Options:

A.

Red

B.

Red on black

C.

Black on red

D.

Black

Buy Now
Questions 18

What information should be obtained from the BIOS during computer forensic investigations?

Options:

A.

The video caching information

B.

The date and time

C.

The port assigned to the serial port

D.

The boot sequence

Buy Now
Questions 19

You are conducting an investigation and have encountered a computer that is running in the field. The operating system is Windows XP. A software program is currently running and is visible on the screen. You should:

Options:

A.

Navigate through the program and see what the program is all about, then pull the plug.

B.

Pull the plug from the back of the computer.

C.

Photograph the screen and pull the plug from the back of the computer.

D.

Pull the plug from the wall.

Buy Now
Questions 20

To undelete a file in the FAT file system, EnCase obtains the starting extent from the:

Options:

A.

Directory entry

B.

FAT

C.

Operating system

D.

File header

Buy Now
Exam Code: GD0-100
Exam Name: Certification Exam For ENCE North America
Last Update: Jun 25, 2024
Questions: 176

PDF + Testing Engine

$159.99
$64

Testing Engine

$119.99
$48

PDF (Q&A)

$99.99
$40