
Ace the Guidance Software GD0-100 Exam: Ultimate Preparation Guide

Questions 11

Assume that MyNote.txt has been deleted. The FAT file system directory entry for that file has been overwritten.

The data for MyNote.txt is now:

Options:
A. Overwritten

B. Allocated

C. Cross-linked

D. Unallocated

Questions 12

EnCase can make an image of a USB flash drive.

Options:
A. False

B. True

Questions 13

How many copies of the FAT are located on a FAT 32, Windows 98-formatted partition?

Options:
A. 2

B. 3

C. 1

D. 4

Questions 14

A suspect typed a file on his computer and saved it to a floppy diskette. The filename was MyNote.txt. You receive the floppy and the suspect's computer. The suspect denies that the floppy disk belongs to him. You search the suspect's computer and locate only the filename within a .LNK file. The .LNK file is located in the folder C:\Windows\Recent. How would you use the .LNK file to establish a connection between the file on the floppy diskette and the suspect's computer?

Options:
A. Both a and b

B. The dates and time of the file found in the .LNK file, at file offset 28

C. The full path of the file, found in the .LNK file

D. The file signature found in the .LNK file

Questions 15

An evidence file was archived onto five CD-ROM disks with the third file segment on disk number three. Can the contents of the third file segment be verified by itself while still on the CD?

Options:
A. No. Archived files are compressed and cannot be verified until un-archived.

B. No. All file segments must be put back together.

C. Yes. Any segment of an evidence file can be verified through re-computing and comparing the CRCs, even if it is on a CD.

D. No. EnCase cannot verify files on CDs.

Questions 16

Which of the following items could contain digital evidence?

Options:
A. Credit card readers

B. Personal assistant devices

C. Cellular phones

D. Digital cameras

Questions 17

By default, EnCase will display the data from the end of a logical file, to the end of the cluster, in what color:

Options:
A. Red

B. Red on black

C. Black on red

D. Black

Questions 18

What information should be obtained from the BIOS during computer forensic investigations?

Options:
A. The video caching information

B. The date and time

C. The port assigned to the serial port

D. The boot sequence

Questions 19

You are conducting an investigation and have encountered a computer that is running in the field. The operating system is Windows XP. A software program is currently running and is visible on the screen. You should:

Options:
A. Navigate through the program and see what the program is all about, then pull the plug.

B. Pull the plug from the back of the computer.

C. Photograph the screen and pull the plug from the back of the computer.

D. Pull the plug from the wall.

Questions 20

To undelete a file in the FAT file system, EnCase obtains the starting extent from the:

Options:
A. Directory entry

B. FAT

C. Operating system

D. File header

Exam Code: GD0-100
Certification Provider: Guidance Software
Exam Name: Certification Exam For ENCE North America
Last Update: Jan 24, 2025
Questions: 176
