Weekend Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmaspas7

Easiest Solution 2 Pass Your Certification Exams

GD0-100 Guidance Software Certification Exam For ENCE North America Free Practice Exam Questions (2025 Updated)

Prepare effectively for your Guidance Software GD0-100 Certification Exam For ENCE North America certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2025, ensuring you have the most current resources to build confidence and succeed on your first attempt.

Guidance Software GD0-100 Premium Access     Download Demo    
Page: 2 / 3
Total 176 questions

Within EnCase, clicking on Save on the toolbar affects what file(s)?

A.

All of the above

B.

The evidence files

C.

The open case file

D.

The configuration .ini files

Using good forensic practices, when seizing a computer at a business running Windows 2000 Server you should:

A.

Pull the plug from the back of the computer.

B.

Press the power button and hold it in.

C.

Shut it down normally.

D.

Pull the plug from the wall.

Consider the following path in a FAT file system:

A.

From the My Pictures directory

B.

From the My Documents directory

C.

From the root directory c:\

D.

From itself

Select the appropriate name for the highlighted area of the binary numbers.

A.

Byte

B.

Dword

C.

Bit

D.

Word

E.

Nibble

An EnCase evidence file of a hard drive ________ be restored to another hard drive of equal or greater size.

A.

can

B.

cannot

What information should be obtained from the BIOS during computer forensic investigations?

A.

The video caching information

B.

The date and time

C.

The port assigned to the serial port

D.

The boot sequence

Which statement would most accurately describe a motherboard?

A.

An add-in card that handles allRAM.

B.

Any circuit board, regardless of its function.

C.

The main circuit board that has slots for the microprocessor, RAM, ROM, and add-in cards.

D.

An add-in card that controls all hard drive activity.

The following GREP expression was typed in exactly as shown. Choose the answer(s) that would result.[\x00-\x05]\x00\x00?>[?[@?[?[?[

A.

FF 0000 00 00 FF BA

B.

0000 00 01 FF FF BA

C.

04 06 0000 00 FF FF BA

D.

04 0000 00 FF FF BA

A physical file size is:

A.

The total size in sectors of an allocated file.

B.

The total size of all the clusters used by the file measured in bytes.

C.

The total size in bytes of a logical file.

D.

The total size of the file including the ram slack in bytes.

What are the EnCase configuration .ini files used for?

A.

Storing information that will be available to EnCase each time it is opened, regardless of the active case(s).

B.

Storing the results of a signature analysis.

C.

Storing information that is specific to a particular case.

D.

Storing pointers to acquired evidence.

Select the appropriate name for the highlighted area of the binary numbers.

A.

Byte

B.

Dword

C.

Word

D.

Bit

E.

Nibble

Search terms are stored in what .ini configuration file

A.

FileSignatures.ini

B.

Keywords.ini

C.

TextStyle.ini

D.

FileTypes.ini

Which of the following would be a true statement about the function of the BIOS?

A.

The BIOS integrates compressed executable files with memory addresses for faster execution.

B.

The BIOS is responsible for checking and configuring the system after the power is turned on.

C.

The BIOS is responsible for swapping out memory pages when RAM fills up.

D.

Both a and c.

A signature analysis has been run on a case. The result ?*JPEG ?in the signature column means:

A.

The file signature is unknown and the header is a JPEG.

B.

The file signature is a JPEG signature and the file extension is incorrect.

C.

The file signature is unknown and the file extension is JPEG.

D.

None of the above.

To later verify the contents of an evidence file 7RODWHUYHULI\WKHFRQWHQWVRIDQHYLGHQFHILOH

A.

EnCase writes a CRC value for every 64 sectors copied.

B.

EnCase writes a CRC value for every 128 sectors copied.

C.

EnCase writes an MD5 hash value every 64 sectors copied.

D.

EnCase writes an MD5 hash value for every 32 sectors copied.

If an evidence file has been added to a case and completely verified, what happens if the data area within the evidence file is later changed?

A.

EnCase will allow the examiner to continue to access the rest of the evidence file that has not been changed.

B.

EnCase detect the error if the evidence file is manually re-verified.

C.

EnCase will detect the error when that area of the evidence file is accessed by the user.

D.

All of the above.

Select the appropriate name for the highlighted area of the binary numbers.

A.

Bit

B.

Nibble

C.

Word

D.

Dword

E.

Byte

A standard Windows 98 boot disk is acceptable for booting a suspect drive.

A.

True

B.

False

Select the appropriate name for the highlighted area of the binary numbers.

A.

Word

B.

Byte

C.

Bit

D.

Nibble

E.

Dword

How many partitions can be found in the boot partition table found at the beginning of the drive?

A.

8

B.

4

C.

6

D.

2

Guidance Software GD0-100 Premium Access     Download Demo    
Page: 2 / 3
Total 176 questions
Copyright © 2014-2025 Solution2Pass. All Rights Reserved