In DOS and Windows, how many bytes are in one FAT directory entry?
A. Variable
B. 32
C. 16
D. 64
E. 8
What are the EnCase configuration .ini files used for?
A. Storing information that will be available to EnCase each time it is opened, regardless of the active case(s).
B. Storing the results of a signature analysis.
C. Storing information that is specific to a particular case.
D. Storing pointers to acquired evidence.
To undelete a file in the FAT file system, EnCase obtains the starting extent from the:
A. Directory entry
B. FAT
C. Operating system
D. File header
Assume that an evidence file is added to a case, the case is saved, and the case is closed. What happens if the evidence file is moved, and the case is then opened?
A. EnCase reports that the file integrity has been compromised and renders the file useless. EnCase reports that the file integrity has been compromised and renders the file useless.
B. EnCase opens the case, excluding the moved evidence.
C. EnCase asks for the location of the evidence file the next time the case is opened.
D. EnCase reports a different hash value for the evidence file.
All investigators using EnCase should run tests on the evidence file acquisition and verification process to:
A. Insure that the investigator is using the proper method of acquisition.
B. All of the above.
C. Further the investigator understanding of the evidence file. Further the investigator?understanding of the evidence file.
D. Give more weight to the investigator testimony in court. Give more weight to the investigator?testimony in court.
In DOS acquisition mode, if a physical drive is detected, but no partition information is displayed, what would be the cause:
A. Both a and b
B. The partition scheme is not recognized by DOS.
C. Neither a or b
D. There are no partitions present.
What information should be obtained from the BIOS during computer forensic investigations?
A. The video caching information
B. The date and time
C. The port assigned to the serial port
D. The boot sequence
The FAT in the File Allocation Table file system keeps track of:
A. All of the above.
B. File fragmentation
C. Clusters marked as bad
D. Every addressable cluster on the partition
A hash library would most accurately be described as:
A. A master table of file headers and extensions.
B. A file containing hash values from one or more selected hash sets.
C. Botha and b.
D. A list of the all the MD5 hash values used to verify the evidence files.
How does EnCase verify that the case information (Case Number, Evidence Number, Investigator Name, etc) in an evidence file has not been damaged or changed, after the evidence file has been written?
A. EnCase writes a CRC value of the case information and verifies the CRC value when the evidence is added to a case.
B. EnCase does not verify the case information and case information can be changed by the user as it becomes necessary.
C. The .case file writes a CRC value for the case information and verifies it when the case is opened.
D. EnCase writes an MD5 hash value for the entire evidence file, which includes the case information, and verifies the MD5 hash when the evidence is added to a case.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Guidance Software exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your GD0-100 exam preparations and Guidance Software certification application, do not hesitate to visit our Vcedump.com to find your solutions here.