- Home
- Guidance Software
- Certification Exam For ENCE North America
- GuidanceSoftware.GD0-100.v2018-06-01.q170
- Question 150
Valid GD0-100 Dumps shared by ExamDiscuss.com for Helping Passing GD0-100 Exam! ExamDiscuss.com now offer the newest GD0-100 exam dumps, the ExamDiscuss.com GD0-100 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com GD0-100 dumps with Test Engine here:
Access GD0-100 Dumps Premium Version
(172 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 150/170
How does EnCase verify that the case information (Case Number, Evidence Number, Investigator Name, etc) in an evidence file has not been damaged or changed, after the evidence file has been written?
Correct Answer: A
- Question List (170q)
- Question 1: 4 bits allows what number of possibilities?...
- Question 2: Which of the following items could contain digital evidence?...
- Question 3: The following GREP expression was typed in exactly as shown....
- Question 4: ROM is an acronym for:
- Question 5: A logical file would be best described as:...
- Question 6: The boot partition table found at the beginning of a hard dr...
- Question 7: A CPU is:
- Question 8: Assume that an evidence file is added to a case, the case is...
- Question 9: Assume that MyNote.txt has been deleted. The FAT file system...
- Question 10: How does EnCase verify that the evidence file contains an ex...
- Question 11: The term signature and header as they relate to a signature ...
- Question 12: In the EnCase environment, the term external viewers is best...
- Question 13: EnCase can build a hash set of a selected group of files....
- Question 14: A signature analysis has been run on a case. The result "Bad...
- Question 15: GREP terms are automatically recognized as GREP by EnCase....
- Question 16: A hash library would most accurately be described as:...
- Question 17: The temporary folder of a case cannot be changed once it has...
- Question 18: A FAT directory has as a logical size of:...
- Question 19: The signature table data is found in which of the following ...
- Question 20: A hard drive has 8 sectors per cluster. File Mystuff.doc has...
- Question 21: In the FAT file system, the size of a deleted file can be fo...
- Question 22: Assume that MyNote.txt was allocated to clusters 5, 9, and 1...
- Question 23: If cluster #3552 entry in the FAT table contains a value of ...
- Question 24: Pressing the power button on a computer that is running coul...
- Question 25: Which statement would most accurately describe a motherboard...
- Question 26: How are the results of a signature analysis examined?...
- Question 27: A hash set would most accurately be described as:...
- Question 28: The EnCase methodology dictates that ________ be created pri...
- Question 29: Using good forensic practices, when seizing a computer at a ...
- Question 30: Will EnCase allow a user to write data into an acquired evid...
- Question 31: Which of the following aspects of the EnCase evidence file c...
- Question 32: This question addresses the EnCase for Windows search proces...
- Question 33: RAM is tested during which phase of the power-up sequence?...
- Question 34: If cases are worked on a lab drive in a secure room, without...
- Question 35: Within EnCase for Windows, the search process is:...
- Question 36: How many clusters can a FAT 16 system address?...
- Question 37: A restored floppy diskette will have the same hash value as ...
- Question 38: The EnCase signature analysis is used to perform which of th...
- Question 39: Which of the following would most likely be an add-in card?...
- Question 40: Which of the following is found in the FileSignatures.ini co...
- Question 41: The following keyword was typed in exactly as shown. Choose ...
- Question 42: The acronym ASCII stands for:
- Question 43: Hash libraries are commonly used to:...
- Question 44: In DOS and Windows, how many bytes are in one FAT directory ...
- Question 45: What information in a FAT file system directory entry refers...
- Question 46: Consider the following path in a FAT file system:...
- Question 47: The following keyword was typed in exactly as shown. Choose ...
- Question 48: You are investigating a case of child pornography on a hard ...
- Question 49: In Windows 2000 and XP, which of the following directories c...
- Question 50: In Windows 98 and ME, Internet based e-mail, such as Hotmail...
- Question 51: Which is the proper formula for determining the size in byte...
- Question 52: Searches and bookmarks are stored in the evidence file....
- Question 53: You are examining a hard drive that has Windows XP installed...
- Question 54: A hard drive was imaged using EnCase. The original drive was...
- Question 55: The Unicode system can address ____ characters?...
- Question 56: When an EnCase user double-clicks on a file within EnCase wh...
- Question 57: To undelete a file in the FAT file system, EnCase computes t...
- Question 58: RAM is used by the computer to:...
- Question 59: You are conducting an investigation and have encountered a c...
- Question 60: An evidence file was archived onto five CD-Rom disks with th...
- Question 61: If cluster number 10 in the FAT contains the number 55, this...
- Question 62: In Windows, the file MyNote.txt is deleted from C Drive and ...
- Question 63: Which of the following statements is more accurate?...
- Question 64: A physical file size is:
- Question 65: EnCase uses the _________________ to conduct a signature ana...
- Question 66: The default export folder remains the same for all cases....
- Question 67: By default, what color does EnCase use for the contents of a...
- Question 68: An EnCase evidence file of a hard drive ________ be restored...
- Question 69: Temp files created by EnCase are deleted when EnCase is prop...
- Question 70: The following keyword was typed in exactly as shown. Choose ...
- Question 71: The results of a hash analysis on an evidence file that has ...
- Question 72: When handling computer evidence, an investigator should:...
- Question 73: When can an evidence file containing a NTFS partition be log...
- Question 74: Within EnCase, you highlight a range of data within a file. ...
- Question 75: A personal data assistant was placed in an evidence locker u...
- Question 76: When a file is deleted in the FAT or NTFS file systems, what...
- Question 77: A SCSI host adapter would most likely perform which of the f...
- Question 78: The spool files that are created during a print job are ____...
- Question 79: Two allocated files can occupy one cluster, as long as they ...
- Question 80: To later verify the contents of an evidence file 7RODWHUYHUL...
- Question 81: For an EnCase evidence file acquired with a hash value to pa...
- Question 82: Calls to the C:\ volume of the hard drive are not made by DO...
- Question 83: You are investigating a case involving fraud. You seized a c...
- Question 84: You are at an incident scene and determine that a computer c...
- Question 85: An Enhanced Metafile would best be described as:...
- Question 86: All investigators using EnCase should run tests on the evide...
- Question 87: A SCSI drive is pinned as a master when it is:...
- Question 88: During the power-up sequence, which of the following happens...
- Question 89: A case file can contain ____ hard drive images?...
- Question 90: The first sector on a volume is called the:...
- Question 91: When an EnCase user double-clicks on a valid .jpg file, that...
- Question 92: The following GREP expression was typed in exactly as shown....
- Question 93: What are the EnCase configuration .ini files used for?...
- Question 94: The maximum file segment size for an EnCase evidence file is...
- Question 95: You are working in a computer forensic lab. A law enforcemen...
- Question 96: The MD5 hash algorithm produces a _____ number....
- Question 97: The EnCase case file can be best described as:...
- Question 98: What information should be obtained from the BIOS during com...
- Question 99: A standard Windows 98 boot disk is acceptable for booting a ...
- Question 100: When Unicode is selected for a search keyword, EnCase:...
- Question 101: This question addresses the EnCase for Windows search proces...
- Question 102: The EnCase methodology dictates that the lab drive for evide...
- Question 103: A file extension and signature can be manually added by:...
- Question 104: Within EnCase, what is purpose of the default export folder?...
- Question 105: Within EnCase, clicking on Save on the toolbar affects what ...
- Question 106: Search terms are stored in what .ini configuration file...
- Question 107: The following GREP expression was typed in exactly as shown....
- Question 108: By default, what color does EnCase use for slack?...
- Question 109: In DOS acquisition mode, if a physical drive is detected, bu...
- Question 110: A standard DOS 6.22 boot disk is acceptable for booting a su...
- Question 111: To undelete a file in the FAT file system, EnCase obtains th...
- Question 112: How many copies of the FAT are located on a FAT 32, Windows ...
- Question 113: Which of the following selections would be used to keep trac...
- Question 114: A hard drive has been formatted as NTFS and Windows XP was i...
- Question 115: You are assigned to assist with the search and seizure of se...
- Question 116: By default, EnCase will display the data from the end of a l...
- Question 117: Changing the filename of a file will change the hash value o...
- Question 118: What does the acronym BIOS stand for?...
- Question 119: Which of the following directories contain the information t...
- Question 120: Which of the following is commonly used to encode e-mail att...
- Question 121: RAM is an acronym for:
- Question 122: The FAT in the File Allocation Table file system keeps track...
- Question 123: Search terms are case sensitive by default....
- Question 124: The EnCase evidence file logical filename can be changed wit...
- Question 125: The following GREP expression was typed in exactly as shown....
- Question 126: If a hard drive is left in a room while acquiring, and sever...
- Question 127: EnCase is able to read and examine which of the following fi...
- Question 128: When a file is deleted in the FAT file system, what happens ...
- Question 129: EnCase can make an image of a USB flash drive....
- Question 130: An evidence file can be moved to another directory without c...
- Question 131: A suspect typed a file on his computer and saved it to a flo...
- Question 132: When a drive letter is assigned to a logical volume, that in...
- Question 133: The case file should be archived with the evidence files at ...
- Question 134: A sector on a hard drive contains how many bytes?...
- Question 135: A sector on a floppy disk is the same size as a sector on a ...
- Question 136: Before utilizing an analysis technique on computer evidence,...
- Question 137: In hexadecimal notation, one byte is represented by _____ ch...
- Question 138: Creating an image of a hard drive that was seized as evidenc...
- Question 139: EnCase marks a file as overwritten when _____________ has be...
- Question 140: The Windows 98 Start Menu has a selection called documents w...
- Question 141: In Unicode, one printed character is composed of ____ bytes ...
- Question 142: To generate an MD5 hash value for a file, EnCase:...
- Question 143: Which of the following would be a true statement about the f...
- Question 144: Search results are found in which of the following files? Se...
- Question 145: Select the appropriate name for the highlighted area of the ...
- Question 146: How many partitions can be found in the boot partition table...
- Question 147: You are an investigator and have encountered a computer that...
- Question 148: What files are reconfigured or deleted by EnCase during the ...
- Question 149: A signature analysis has been run on a case. The result "JPE...
- Question 150: How does EnCase verify that the case information (Case Numbe...
- Question 151: The case number in an evidence file can be changed without c...
- Question 152: When undeleting a file in the FAT file system, EnCase will c...
- Question 153: If an evidence file has been added to a case and completely ...
- Question 154: The BIOS chip on an IBM clone computer is most commonly loca...
- Question 155: When a non-compressed evidence file is reacquired with compr...
- Question 156: The following GREP expression was typed in exactly as shown....
- Question 157: The following keyword was typed in exactly as shown. Choose ...
- Question 158: The EnCase default export folder is:...
- Question 159: Which of the following selections is NOT found in the case f...
- Question 160: The first sector on a hard drive is called the:...
- Question 161: Within EnCase, what is the purpose of the temp folder?...
- Question 162: If a hash analysis is run on a case, EnCase:...
- Question 163: How many copies of the FAT are located on a FAT 32, Windows ...
- Question 164: Bookmarks are stored in which of the following files?...
- Question 165: If a floppy diskette is in the drive, the computer will alwa...
- Question 166: The EnCase evidence file is best described as:...
- Question 167: When a file is deleted in the FAT file system, what happens ...
- Question 168: When a document is printed using EMF in Windows, what file(s...
- Question 169: The end of a logical file to the end of the cluster that the...
- Question 170: When does the POST operation occur?...
[×]
Download PDF File
Enter your email address to download GuidanceSoftware.GD0-100.v2018-06-01.q170.pdf