Guidance_Software
GD0-100 · Question #103
GD0-100 Question #103: Real Exam Question with Answer & Explanation
Sign in or unlock GD0-100 to reveal the answer and full explanation for question #103. The question stem and answer options stay visible for context.
Question
You are investigating a case involving fraud. You seized a computer from a suspect who stated that the computer is not used by anyone other than himself. The computer has Windows 98 installed on the hard drive. You find the filename C:\downloads\check01.jpg?that EnCase shows as being moved. The starting extent is 0C4057. You find another filename C:\downloads\chk1.dll with the starting extent 0C4057, which EnCase also shows as being moved. In the C:\windows\System folder you find an allocated file named chk1.dll with the starting extent 0C4057. The chk1.dll file is a JPEG image of a counterfeit check. Could this information be used to refute the suspect claim that he never knew it was on the computer?
Options
- AYes, because the chk1.dll file was moved and renamed.
- BNo, because the Windows operating system likely moved and renamed the chk1.dll file during
- CNo, because the chk1.dll file has no evidentiary value.
- DYes, because the ch1.dll is all the evidence required to prove the case.
Unlock GD0-100 to see the answer
You've previewed enough free GD0-100 questions. Unlock GD0-100 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.