1. Home
  2. Guidance Software
  3. GD0-100

Certification For ENCE North America

Exam Details

  • Exam Code
    :GD0-100
  • Exam Name
    :Certification For ENCE North America
  • Certification
    :Guidance Software Certifications
  • Vendor
    :Guidance Software
  • Total Questions
    :185 Q&As
  • Last Updated
    :Jul 06, 2025

Guidance Software Guidance Software Certifications GD0-100 Questions & Answers

  • Question 111:

    Assume that MyNote.txt has been deleted. The FAT file system directory entry for that file has been overwritten. The data for MyNote.txt is now:

    A. Overwritten

    B. Allocated

    C. Cross-linked

    D. Unallocated

  • Question 112:

    A hard drive was imaged using EnCase. The original drive was placed into evidence. The restore feature was used to make a copy of the original hard drive. EnCase verifies the restored copy using:

    A. An MD5 hash

    B. A 32 bit CRC

    C. Nothing. Restored volumes are not verified.

    D. A running log

  • Question 113:

    A restored floppy diskette will have the same hash value as the original diskette.

    A. True

    B. False

  • Question 114:

    During the power-up sequence, which of the following happens first?

    A. The boot sector is located on the hard drive.

    B. Theower On Self-Test.? 7KH ? RZHU2Q6HOI7HVW

    C. The floppy drive is checked for a diskette.

    D. The BIOS on an add-in card is executed.

  • Question 115:

    Which of the following is found in the FileSignatures.ini configuration file

    A. The results of a hash analysis

    B. The information contained in the signature table

    C. The results of a signature analysis

    D. Pointers to an evidence file

  • Question 116:

    To generate an MD5 hash value for a file, EnCase:

    A. Computes the hash value including the logical file and filename.

    B. Computes the hash value including the physical file and filename.

    C. Computes the hash value based on the logical file.

    D. Computes the hash value based on the physical file.

  • Question 117:

    When a non-compressed evidence file is reacquired with compression, the acquisition and verification hash values for the evidence will remain the same for both files.

    A. True

    B. False

  • Question 118:

    In hexadecimal notation, one byte is represented by _____ character(s).

    A. 2

    B. 1

    C. 8

    D. 4

  • Question 119:

    A personal data assistant was placed in a evidence locker until an examiner has time to examine it. Which of the following areas would require special attention?

    A. Chain-of-custody

    B. Storage

    C. There is no concern

    D. Cross-contamination

  • Question 120:

    The EnCase methodology dictates that the lab drive for evidence have a __________ prior to making an image.

    A. FAT 16 partition

    B. NTFS partition

    C. unique volume label

    D. bare, unused partition

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Guidance Software exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your GD0-100 exam preparations and Guidance Software certification application, do not hesitate to visit our Vcedump.com to find your solutions here.