GD0-100 Exam Questions
173 real GD0-100 exam questions with expert-verified answers and explanations. Page 2 of 4.
- Question #52
Within EnCase, you highlight a range of data within a file. The length indicator displays the value 30. How many bytes have you actually selected?
- Question #53
A sector on a floppy disk is the same size as a sector on a NTFS formatted hard drive.
- Question #54
Pressing the power button on a computer that is running could have which of the following results?
- Question #55
In the EnCase environment, the term uxternal viewers is best described as:
- Question #56
A SCSI drive is pinned as a master when it is:
- Question #57
When Unicode is selected for a search keyword, EnCase:
- Question #58
How many clusters can a FAT 16 system address?
- Question #59
A file extension and signature can be manually added by:
- Question #60
In Windows, the file MyNote.txt is deleted from C Drive and is automatically sent to the recycle Bin. The long filename was MyNote.txt and the short filename was MYNOTE.TXT. When v...
- Question #61
You are investigating a case involving fraud. You seized a computer from a suspect who stated that the computer is not used by anyone other than himself. The computer has Windows 9...
- Question #62
To undelete a file in the FAT file system, EnCase obtains the starting extent from the:
- Question #63
Which of the following would most likely be an add-in card?
- Question #64
Which of the following is found in the FileSignatures.ini configuration file?
- Question #65
The default export folder remains the same for all cases.
- Question #66
Assume that MyNote.txt was allocated to clusters 5, 9, and 11. Cluster 6, 7, and 8 belong to MyResume.doc. Both files have been deleted and the directory entry in the FAT file syst...
- Question #67
Which of the following directories contain the information that is found on a Windows 98 Desktop?
- Question #68
If a hard drive is left in a room while acquiring, and several persons have access to that room, which of the following areas would be of most concern?
- Question #69
In Windows 2000 and XP, which of the following directories contain user personal folders?
- Question #70
By default, what color does EnCase use for the contents of a logical file?
- Question #71
A hash library would most accurately be described as:
- Question #72
A standard DOS 6.22 boot disk is acceptable for booting a suspect drive.
- Question #73
By default, EnCase will display the data from the end of a logical file, to the end of the cluster, in what color:
- Question #74
If a hash analysis is run on a case, EnCase:
- Question #75
Creating an image of a hard drive that was seized as evidence:
- Question #76
Which of the following selections would be used to keep track of a fragmented file in the FAT file system?
- Question #77
A suspect typed a file on his computer and saved it to a floppy diskette. The filename was MyNote.txt. You receive the floppy and the suspect's computer. The suspect denies that th...
- Question #78
Using good forensic practices, when seizing a computer at a business running Windows 2000 Server you should:
- Question #79
A signature analysis has been run on a case. The result !Bad Signature means:
- Question #80
A FAT directory has as a logical size of:
- Question #81
What are the EnCase configuration .ini files used for?
- Question #82
Assume that an evidence file is added to a case, the case is saved, and the case is closed. What happens if the evidence file is moved, and the case is then opened?
- Question #83
The EnCase case file can be best described as:
- Question #84
The case file should be archived with the evidence files at the termination of a case.
- Question #85
Select the appropriate name for the highlighted area of the binary numbers.
- Question #86
You are conducting an investigation and have encountered a computer that is running in the field. The operating system is Windows XP. A software program is currently running and is...
- Question #87
An Enhanced Metafile would best be described as:
- Question #88
Changing the filename of a file will change the hash value of the file.
- Question #89
The results of a hash analysis on an evidence file that has been added to a case will be stored in which of the following files?
- Question #90
In Unicode, one printed character is composed of ____ bytes of data.
- Question #91
To generate an MD5 hash value for a file, EnCase:
- Question #92
What does the acronym BIOS stand for?
- Question #93
The EnCase signature analysis is used to perform which of the following actions?
- Question #94
The spool files that are created during a print job are __________ after the print job is completed.
- Question #95
The following keyword was typed in exactly as shown. Choose the answer(s) that would result. All search criteria have default settings. credit card
- Question #96
What files are reconfigured or deleted by EnCase during the creation of an EnCase boot disk?
- Question #97
A hard drive was imaged using EnCase. The original drive was placed into evidence. The restore feature was used to make a copy of the original hard drive. EnCase verifies the resto...
- Question #98
Which of the following would be a true statement about the function of the BIOS?
- Question #99
Within EnCase, what is purpose of the default export folder?
- Question #100
The following keyword was typed in exactly as shown. Choose the answer(s) that would result. All search criteria have default settings. Speed and Meth
- Question #101
You are assigned to assist with the search and seizure of several computers. The magistrate ordered that the computers cannot be seized unless they are found to contain any one of...