Pass the Guidance Software EnCE GD0-100 Questions and answers with CertsForce

Viewing page 1 out of 6 pages
Viewing questions 1-10 out of questions
Questions # 1:

EnCase is able to read and examine which of the following file systems?

Options:

A. NTFS
B. EXT3
C. FAT
D. HFS


Questions # 2:

In Windows 2000 and XP, which of the following directories contain user personal folders?

Options:

A. C:\Personnel Folders
B. C:\WINNT\Profiles
C. C:\Windows\Users
D. C:\Documents and Settings


Questions # 3:

The EnCase signature analysis is used to perform which of the following actions?

Options:

A. Analyzing the relationship of a file signature to its file extension.
B. Analyzing the relationship of a file signature to its file header.
C. Analyzing the relationship of a file signature to a list of hash sets.
D. Analyzing the relationship of a file signature to its computed MD5 hash value.


Questions # 4:

EnCase uses the _________________ to conduct a signature analysis.

Options:

A. Both a and b
B. file signature table
C. hash library
D. file Viewers


Questions # 5:

The following GREP expression was typed in exactly as shown. Choose the answer(s) that would result. [^a-z] Tom[^a-z]

Options:

A. Tomato
B. om? ? RP
C. Toms
D. Stomp


Questions # 6:

The EnCase case file can be best described as:

Options:

A. The file that runs EnCase for Windows.
B. A file containing configuration settings for cases.
C. None of the above.
D. A file that contains information specific to one case.


Questions # 7:

If an evidence file has been added to a case and completely verified, what happens if the data area within the evidence file is later changed?

Options:

A. EnCase will allow the examiner to continue to access the rest of the evidence file that has not been changed.
B. EnCase will detect the error if the evidence file is manually re-verified.
C. EnCase will detect the error when that area of the evidence file is accessed by the user.
D. All of the above.


Questions # 8:

The terms signature and header as they relate to a signature analysis are:

Options:

A. The signature is the file extension. The header is a standard pattern normally found at the beginning of a file.
B. Synonymous.
C. Areas compared with each other to verify the correct file type.
D. None of the above


Questions # 9:

A sector on a floppy disk is the same size as a sector on an NTFS-formatted hard drive.

Options:

A. False
B. True


Questions # 10:

Using good forensic practices, when seizing a computer at a business running Windows 2000 Server you should:

Options:

A. Pull the plug from the back of the computer.
B. Press the power button and hold it in.
C. Shut it down normally.
D. Pull the plug from the wall.

