1. Home
  2. Guidance Software
  3. GD0-100

Certification For ENCE North America

Exam Details

  • Exam Code
    :GD0-100
  • Exam Name
    :Certification For ENCE North America
  • Certification
    :Guidance Software Certifications
  • Vendor
    :Guidance Software
  • Total Questions
    :185 Q&As
  • Last Updated
    :Jul 06, 2025

Guidance Software Guidance Software Certifications GD0-100 Questions & Answers

  • Question 51:

    The following keyword was typed in exactly as shown. Choose the answer(s) that would result. All search criteria have default settings. credit card

    A. Card

    B. Credit Card

    C. credit card

    D. Credit

  • Question 52:

    A hard drive has been formatted as NTFS and Windows XP was installed. The user used fdisk to remove all partitions from that drive. Nothing else was done. You have imaged the drive and have opened the evidence file with EnCase. What would be the best way to examine this hard drive?

    A. Use the add Partition feature to rebuild the partition and then examine the system. Use the add Partition feature to rebuild the partition and then examine the system.

    B. EnCase will not see a drive that has beenfdisked.

    C. Conduct a physical search of the hard drive and bookmark any evidence.

    D. Use the Recovered Deleted Partitions feature and then examine the system.

  • Question 53:

    You are working in a computer forensic lab. A law enforcement investigator brings you a computer and a valid search warrant. You have legal authority to search the computer. The investigator hands you a piece of paper that has three printed checks on it. All three checks have the same check and account number. You image the suspect computer and open the evidence file with EnCase. You checks have the same check and account number. You image the suspect's computer and open the evidence file with EnCase. You perform a text search for the account number and check number. Nothing returns on the search results. You perform a text search for all other information found on the printed checks and there is still nothing returned in the search results. You run a signature analysis and check the gallery. You cannot locate any graphical copies of the printed checks in the gallery. At this point, is it safe to say that the checks are not located on the suspect computer?

    A. No. The images could be located a compressed file.

    B. No. The images could be embedded in a document.

    C. No. The images could be in unallocated clusters.

    D. No. The images could be in an image format not viewable inside EnCase.

    E. All of the above.

  • Question 54:

    The end of a logical file to the end of the cluster that the file ends in is called:

    A. Allocated space

    B. Slack

    C. Unallocated space

    D. Available space

  • Question 55:

    In the EnCase environment, the term xternal viewers?is best described as: In the EnCase environment, the term ?xternal viewers?is best described as:

    A. Programs that are exported out of an evidence file.

    B. Any program that will work with EnCase.

    C. Any program that is loaded on the lab hard drive.

    D. Programsthat are associated with EnCase to open specific file types.

  • Question 56:

    Within EnCase, what is the purpose of the temp folder?

    A. This is the folder used to hold copies of files that are sent to external viewers.

    B. This is the folder that will automatically store an evidence file when the acquisition is made in DOS.

    C. This is the folder that temporarily stores all bookmark and search results.

    D. This is the folder that will be automatically selected when the copy/unerase feature is used. This is the folder that will be automatically selected when the copy/unerase feature is used.

  • Question 57:

    The following keyword was typed in exactly as shown. Choose the answer(s) that would be found. All search criteria have default settings. Tom

    A. Tomorrow

    B. [email protected]

    C. Tom

    D. Stomp

  • Question 58:

    A FAT directory has as a logical size of:

    A. 0 bytes

    B. One cluster

    C. 128 bytes

    D. 64 bytes

  • Question 59:

    Within EnCase, what is purpose of the default export folder?

    A. This is the folder that will be automatically selected when the copy/unerase feature is used.

    B. This is the folder that will automatically store an evidence file when the acquisition is made in DOS.

    C. This is the folder that temporarily stores all bookmark and search results.

    D. This is the folder used to hold copies of files that are sent to external viewers.

  • Question 60:

    When does the POST operation occur?

    A. When SCSI devices are configured.

    B. When Windows starts up.

    C. After a computer begins to boot from a device.

    D. When the power button to a computer is turnedon.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Guidance Software exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your GD0-100 exam preparations and Guidance Software certification application, do not hesitate to visit our Vcedump.com to find your solutions here.