Which of the following selections would be used to keep track of a fragmented file in the FAT file system?
A. The directory entry for the fragmented file
B. The partition table of extents
C. The File Allocation Table
D. All of the above
When can an evidence file containing a NTFS partition be logically restored to a FAT 32 partition?
A. Never
B. When the FAT 32 has the same number of sectors / clusters.
C. When the FAT 32 is the same size or bigger.
D. Both a and b
A standard DOS 6.22 boot disk is acceptable for booting a suspect drive.
A. True
B. False
The case file should be archived with the evidence files at the termination of a case.
A. True
B. False
A signature analysis has been run on a case. The result "Bad Signature " means:
A. The file signature is known and does not match a known file header.
B. The file signature is known and the file extension is known.
C. The file signature is known and does not match a known file extension.
D. The file signature is unknown and the file extension is known.
An evidence file was archived onto five CD-Rom disks with the third file segment on disk number three. Can the contents of the third file segment be verified by itself while still on the CD?
A. No. Archived files are compressed and cannot be verified until un-archived.
B. No. All file segments must be put back together.
C. Yes. Any segment of an evidence file can be verified through re-computing and comparing the CRCs, even if it is on a CD.
D. No. EnCase cannot verify files on CDs.
This question addresses the EnCase for Windows search process. If a target word is within a logical file, and it begins in cluster 10 and ends in cluster 15 (the word is fragmented), the search:
A. Will not find it unlessile slack is checked on the search dialog box.
B. Will find it because EnCase performs a logical search.
C. Will not find it because EnCase performs a physical search only.
D. Will not find it because the letters of the keyword are not contiguous.
The following GREP expression was typed in exactly as shown. Choose the answer(s) that would result. [^a-z] Tom[^a-z]
A. Tomato
B. om RP
C. Toms
D. Stomp
A SCSI drive is pinned as a master when it is:
A. The only drive on the computer.
B. The primary of two drives connected to one cable.
C. Whenever another drive is on the same cable and is pinned as a slave.
D. A SCSI drive is not pinned as a master.
By default, EnCase will display the data from the end of a logical file, to the end of the cluster, in what color:
A. Red
B. Red on black
C. Black on red
D. Black
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Guidance Software exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your GD0-100 exam preparations and Guidance Software certification application, do not hesitate to visit our Vcedump.com to find your solutions here.